Job Title

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. What Youll Do Program Strategy & Governance Own Security Governance: maintain and evolve security policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001), including mapping to controls and compliance requirements (SOC2, PCI, applicable regulations). Lead program maturity planning, roadmaps, and crossfunctional governance forums (e.g., security steering committee, risk council). Define and enforce security risk appetite and decision criteria for thirdparty relationships and integrations. ThirdParty Risk Management Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding. Ensure robust fourthparty oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators. Oversee highrisk vendor decisions and escalations; establish clear RACI for partnership contracts and security acceptance criteria. Operational Excellence & Tooling Own program KPIs, dashboards, and reporting (Jira STPRM Ops, AuditBoard, Sigma/BI, MetricStream). Drive improvements in throughput, turnaround, backlog age, and remediation velocity. Partner with Automation/TPRM Ops to operationalize threatmodeling outputs, integration inventories, preintegration gates, and CI/CD checks; prioritize automations that reduce manual work and surface strategic escalations. Implement and maintain QA processes (quarterly QA), runbooks, SOPs for ticket ownership, and evidence standards. People & Stakeholder Leadership Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale. Act as the primary security contact for Legal, Procurement, Privacy, Product, and Engineering on vendor risk and governance matters. Represent Security in executive forums, audit meetings, and regulatory engagements; own remediation commitments and timelines. Audit, Compliance & Risk Reporting Serve as the security liaison for Internal Audit and external assessments; ensure timely remediation of findings and demonstrable progress. Produce regular program health reporting for senior leadership and Boardlevel stakeholders. Success Metrics (Examples) Vendors reviewed per month and % critical vendors reviewed on schedule Average review turnaround time and backlog age distribution % tickets with clear owner and SLA met Time to remediate Internal Audit findings and completion rate Implementation count of automated checks/runbooks and preintegration gates Team engagement / retention and timetoproductivity for new hires What We Look For 7+ years in information security, risk management, or GRC roles, with a minimum of 3 years managing teams (or equivalent leadership experience). Demonstrated ownership of a TPRM program or security governance program in a regulated or highgrowth technology environment (fintech preferred). Strong knowledge of security frameworks (NIST, ISO), compliance standards (SOC2, PCI), and vendor risk processes (IRQ/DDQ/SME assessments). Handson familiarity with TPRM/GRC tooling and observability: AuditBoard (or equivalent), Jira, BI tools (Sigma/Tableau/Looker), and experience with integrations/APIs. Excellent stakeholder management across legal, procurement, engineering, product, and executive leadership. Proven experience translating audit findings into operational remediation plans and measurable outcomes. Strong communication skills able to present risk to technical and nontechnical audiences and to influence decisions. Certifications such as CISSP, CISM, CRISC, or similar. Practical experience with threatmodeling approaches and thirdparty integration security (API, SSO/OAuth/SAML, TLS). Experience scaling automation for GRC/TPRM programs and integrating security checks into CI/CD pipelines. Prior experience in fintech or highly regulated industries. Salary & Benefits Pay Grade: Q Equity Grade: 6 Base pay range (CAN): $198,000 $248,000 per year. Additional compensation may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits such as 100% subsidized medical coverage, dental and vision for you and your dependents. Affirm is proud to offer competitive benefits anchored to our core value of people come first. Key highlights include: Health care coverage we cover all premiums for all levels of coverage for you and your dependents. Flexible Spending Wallets generous stipends for technology, food, various lifestyle needs, and familyforming expenses. Time off competitive vacation and holiday schedules allowing you to take time off to rest and recharge. ESPP an employee stock purchase plan enabling you to buy shares of Affim at a discount. EEO & Inclusive Hiring We believe Its On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process. For U.S. positions that could be performed in LosAngeles or SanFrancisco, pursuant to local fairchance ordinances, we will consider qualified applicants with arrest and conviction records. #J-18808-Ljbffr