Senior Manager, Security Risk Management

Full-time
Lead
Cybersecurity
Affirm

Affirm, founded in 2012 by Max Levchin, offers a transparent buy now, pay later service: no late fees or surprises, just a responsible way to pay over time for your favorite brands.

Diversified Financial Services
1K-5K
Founded 2012

Description

  • Own and evolve Security Governance: maintain policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001) and map them to compliance requirements (SOC2, PCI, applicable regulations).
  • Define and enforce security risk appetite and decision criteria for third-party relationships and integrations, and lead cross-functional governance forums (security steering committee, risk council).
  • Lead the Security TPRM function across the vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding.
  • Ensure robust fourth-party oversight (subprocessors) and manage remediation and QA cycles driven by Internal Audit and regulators.
  • Oversee high-risk vendor decisions and escalations, establishing clear RACI for partnership contracts and security acceptance criteria.
  • Own program KPIs, dashboards, and reporting (e.g., Jira STPRM Ops, AuditBoard, Sigma/BI, MetricStream) and drive improvements in throughput, turnaround time, backlog age, and remediation velocity.
  • Partner with Automation/TPRM Ops to operationalize threat-modeling outputs, integration inventories, pre-integration gates, and CI/CD checks; prioritize automations that reduce manual work and surface strategic escalations.
  • Implement and maintain QA processes, runbooks, SOPs for ticket ownership, and evidence standards; run quarterly QA and regular operational reviews.
  • Build, coach, and scale the Governance and TPRM teams through hiring, performance management, and career development.
  • Act as the primary security contact for Legal, Procurement, Privacy, Product, and Engineering; represent Security in executive forums, audits, and regulatory engagements.

Requirements

  • 7+ years in information security, risk management, or GRC roles, with a minimum of 3 years managing teams or equivalent leadership experience.
  • Demonstrated ownership of a TPRM or security governance program in a regulated or high-growth technology environment (fintech preferred).
  • Strong knowledge of security frameworks (NIST, ISO) and compliance standards (SOC2, PCI), and experience with vendor risk processes (IRQ/DDQ/SME assessments).
  • Hands-on familiarity with TPRM/GRC and observability tooling such as AuditBoard (or equivalent), Jira, and BI tools (Sigma, Tableau, Looker), including experience with integrations/APIs.
  • Proven experience translating Internal Audit and assessment findings into operational remediation plans and measurable outcomes, with ownership of remediation commitments and timelines.
  • Practical experience with threat-modeling approaches and third-party integration security concerns (APIs, SSO/OAuth/SAML, TLS).
  • Experience scaling automation for GRC/TPRM programs and integrating security checks into CI/CD pipelines.
  • Excellent stakeholder management and communication skills across legal, procurement, engineering, product, and executive leadership, able to present risk to technical and non-technical audiences.
  • Professional certifications such as CISSP, CISM, CRISC, or similar (preferred).
  • Prior experience in fintech or other highly regulated industries (preferred).

Benefits

  • USA base pay range (CA, WA, NY, NJ, CT): $250,000 - $300,000 per year; other U.S. states: $223,000 - $273,000 per year (base pay is part of total comp).
  • Equity rewards and Employee Stock Purchase Plan (ESPP) enabling discounted purchase of Affirm shares.
  • 100% subsidized medical coverage for employees and dependents, plus dental and vision coverage.
  • Monthly stipends and Flexible Spending Wallets for technology, food, lifestyle, family-forming, and wellness spending.
  • Remote-first work environment with flexibility to work almost anywhere within the country of employment (occasional onsite work for proximal roles).
  • Competitive vacation and holiday schedules and other benefits designed to support employee well-being and retention.
