Security Risk Management Lead
$165k - $225kAffirm
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm , enabling the company to succeed in building honest financial products. The Security Risk Management team is evolving beyond traditional governance, risk, and compliance; we are building an engineering driven program that designs, automates, and scales the controls, workflows, and tooling that protect Affirm and our customers. What You'll Do Lead and mature Affirm 's Security Third Party Program, including the design, implementation, and continuous improvement of processes, controls, and operational workflows Build and maintain automation that replaces manual GRC tasks: intake, triage, evidence collection, control validation, tracking, escalations, and reporting, using either Python, low code platforms, and agentic coding tools (Cursor, Claude, etc.) Design and operate workflow orchestration and integrations across systems like ticketing, GRC platforms, vendor management tools, identity providers, and cloud control planes Partner closely with Procurement, Legal, Engineering, IT, Compliance, Privacy, and business stakeholders to assess and manage security risk across third party relationships Translate ambiguous business and security requirements into practical, scalable program solutions and decision frameworks Identify opportunities to automate manual processes across the program and prototype solutions yourself rather than waiting on an engineering backlog Drive program operational excellence by establishing repeatable processes, service-level expectations, metrics, and reporting for third party security risk management Evaluate third party security controls, cloud architectures (AWS/GCP), integration patterns, and risk posture, and provide clear recommendations to stakeholders and leadership Conduct light threat models on high risk integrations and partner with Security SMEs for deeper diligence Manage and prioritize a portfolio of complex security risk reviews and initiatives simultaneously, balancing business enablement with risk reduction Partner with technical teams to implement or optimize systems and tools that support program automation and workflow orchestration Develop dashboards, reporting mechanisms, and program insights (SQL, BI tools, or custom tooling) that improve visibility into risk trends, bottlenecks, and program performance Act as a trusted advisor and SME on third party security risk management, helping stakeholders make informed, risk based decisions Contribute to the broader Security Risk Management strategy by identifying opportunities to scale, simplify, and strengthen security governance processes through engineering What We Look For 5+ years of experience in Information Security, Risk Management, Engineering and/or relevant roles Hands‑on experience using agentic coding tools (Cursor, Claude Code, Copilot, etc.) and a working knowledge of Python; you don't need to be a software engineer, but you should be fluent enough to read, modify, and run scripts, build automations, and ship small tools end‑to‑end Familiarity with cloud environments (AWS, GCP, or Azure) — IAM, logging, common services, and the security risks/controls that apply to cloud‑deployed third parties and integrations Excellent written and verbal communications skills Experience engineering solutions via Python, Claude, Cursor or other agentic coding tooling Experience with industry based information security & control frameworks (NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.) BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience Attention to detail and experience with security practices and security tooling Demonstrated ability to drive projects towards completion Ability to understand and communicate technical issues to non‑technical teams Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.) is a plus Base Pay Grade - L Equity Grade - 5 Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills. Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents). USA Pacific base pay range (CA, WA, NY, NJ, CT) per year: $165,000 - $225,000 USA Sapphire base pay range (all other U.S. states) per year: $146,000 - $206,000 Please note that visa sponsorship is not available for this position. Benefits Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process. For U.S. positions that could be performed in Los Angeles or San Francisco, pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance, Affirm will consider for employment qualified applicants with arrest and conviction records. #J-18808-Ljbffr Affirm
$145.6k - $168k
...Lead Global Solutions Architect Enterprise Technology is a global organization... ...frameworks for data governance and management, and ensuring the security and stability the company's technology... ...services, data & analytics, risk & controls, procurement, program management...SuggestedWork at officeRemote workWork visaRelocation packageFlexible hours3 days per week$98.4k - $160k
...the power of every connection. The Security Incident Response Orchestration Lead is responsible for defining,... ...security operations teams, product management, and engineering leadership to translate... ...Information Systems Management Risk Management Collaboration DevOps Practices...Suggested- Deterrence Defense, Inc. is looking for a hands-on IT Manager to lead our IT infrastructure and cyber risk compliance. You will manage AWS cloud and Microsoft 365 environment, ensuring compliance with DoD frameworks. Your role includes overseeing IT operations, incident...Suggested
$100k - $150k
...businesses thriving. Our commitment to security and data protection is at the... ...SRO Compliance & Portfolio Management team, responsible for ensuring... ...compliance efforts, managing risk, and providing expert guidance... ...Assessment and Mitigation: Lead in risk assessments to...SuggestedWork experience placementRelocation$99.3k - $159.33k
...server environments that underpin mission-critical applications in secure federal cloud or hybrid infrastructures. This role builds and... ...in public or private cloud platforms, including image management, patching, and configuration baseline enforcement. Design and implement...SuggestedContract workWork at office$100k - $231.54k
...one family and one community at a time. Lead Director, SOX/SOC1 Audit Governance & Quality... .... Identify control gaps, process risks, and improvement opportunities, and implement... ...audit, controls governance, risk management, or quality assurance within a regulated...Hourly payFull timeTemporary workLocal area- GardaWorld Security Services in Denver, CO is seeking a Tactical Security Supervisor to oversee security operations on site. The role involves patrolling diverse environments, assessing risk, and ensuring rapid response to incidents throughout the shift. Qualifications...Shift work
$169.4k - $279.6k
...way for best-in-class solutions. As a Lead Architect, you will collaborate with senior... ...AI design • Help establish governance, risk, and control processes that ensure safe,... ...AI governance frameworks and model risk management What is a Must Have? ~ Bachelor’s degree...Temporary workWork experience placementLocal area$128k - $192k
...Citrix will provide customers with a secure client OS and endpoint management that dramatically improves endpoint... ...0. Job Description We are seeking a Lead Solutions Specialist for eLux & Scout... ...technology and the courage to take risks. Everyone is empowered to learn, dream...Local areaRemote workFlexible hours$172k - $258k
...seeking a Director of Information Security Audit & Compliance to join the... ...Audit & Compliance to lead and scale a global audit and compliance... ...global delivery centers, managing internal and external audits,... ...remediation plans. Governance, Risk & Control Framework Align the...Work at officeLocal area$79.4k - $136.4k
...Position Overview The Database Team Lead oversees the design,... ...administrators to ensure availability, security, backup and recovery, and... ...performance or reliability risks, and recommend improvements... ...considered in any personnel or management decisions. We affirm our...Contract workWork at office- ...Cybersecurity & Compliance Administrator in Denver, CO. This role ensures security and compliance in adherence to CMMC Level 2 and data privacy... ...’s degree in IT or a related field. Responsibilities include managing security tools and overseeing security incidents and compliance...
- Lockheed Martin Space in Colorado is seeking a Contractor Program Security Officer to oversee security programs for classified material, ensure regulatory compliance, and manage SCI/Poly prerequisites. This executive security role will require coordinating with DoD and...For contractors
$72.15k - $130.43k
A national security technology firm in Colorado Springs is seeking a Launch Communications Coordinator to support complex launch projects. The ideal candidate must be a US citizen with an active TS/SCI clearance and possess a relevant degree. Responsibilities include project...- RK Industries is looking for a Security & Facilities Supervisor in Denver to oversee and manage daily security operations across facilities and job sites. This role ensures safety and security for employees, contractors, and visitors. Key responsibilities include supervising...For contractors
- Fastly is looking for a Security Risk Lead to lead the assessment of security risks across the organization. You will convert complex security data into actionable insights for senior leadership, enhancing Fastly's security posture. Collaboration with Security, Engineering...
- ...complex challenges in science, security and sustainability. Our people... ...across all 7 continents. Lead, Supplier Performance & Global... ...framework that drives innovation, risk resilience, operational... ...organization from reactive supplier management to predictive, data‑driven performance...Hourly payContract workLocal areaRemote work
- A consulting firm in Denver is looking for a Database Team Lead to oversee the design and performance of enterprise database platforms... ...leading a team of DBAs, ensuring database availability and security, and partnering with application and infrastructure teams. The ideal...
$90.3k - $189.6k
CACI International Inc in Aurora, Colorado is seeking a Contractor Program Security Administrator (CPSA) / Principal Security Officer (PSO). This role requires a TS/SCI clearance and a minimum of 8 years in security experience, specifically with DOD and Intelligence Community...For contractors- Marriott International in Aurora, CO seeks an experienced Security & Safety Services leader to guide convention security, VIP protection, and safety programs. You will collaborate with meeting planners, government agencies, and vendors to ensure a safe environment for...Local area
$140k - $170k
...are seeking a Supply Chain & Procurement Lead to own the end‑to‑end supply chain for the... ...long‑lead item sourcing and supplier management to BOM cost reduction and inventory strategy... ...status, lead times, supplier performance, and risk flags—readable by the GM in under 60...Temporary work$35 - $45 per hour
...national provider of life safety, security, and low‑voltage systems... ...Advancement Responsibilities Lead the installation, repair, and... ...workmanship. Coordinate with project managers, engineers, and other... ...issues efficiently to minimize risk. Ensure the proper use and maintenance...Hourly payCasual workLocal area$90.3k - $189.6k
CACI International Inc. is looking for a Contractor Program Security Administrator in Aurora, Colorado. This role requires an individual with solid government security experience who will manage security operations, ensuring compliance with governmental policies. This...For contractors- Cornerstone Capital Bank is looking for a Mortgage Originations Compliance Program Manager to oversee compliance risk management for Cornerstone Home Lending. This role involves developing policies, tracking regulatory updates, and conducting risk assessments to ensure...
- Collins Aerospace in Aurora, CO is seeking a Prin. DevSecOps Software Lead (Contingent) to lead a team responsible for CI/CD design, automation, security integration and scalable deployments. You will collaborate with development, security and operations to deliver reliable...
- ...Job Description The Senior Manager, Program Management and Governance... ...owns the strategy and secures the investment to fund it, this... ...where CRM technology is heading. Lead program governance across the... ...roadmap, business readiness, risk management, and milestone tracking...Hourly payDaily paidContract workTemporary workLocal areaFlexible hoursShift work
$100k
...mission‑critical programs across national security, defense, and public service delivery.... ...authorization to proceed. ServiceNow Team Lead provides senior leadership for... ...and Technical Team Lead for IT Service Management (ITSM) and IT Operations Management (ITOM...Contract workNight shift- ...School of Public Health Job Title: Faculty Lead | Center for Global Health East Africa... ...guidance on logistics, safety, and risk management for learners, faculty, and staff traveling... ...Campus is dedicated to ensuring a safe and secure environment for our faculty, staff,...Temporary workLocal area
$30k - $33k
Lead - Self Perform Division 7/Waterproofing (Denver, CO) DPR Construction is looking to add a Lead for our Self Perform... ...day execution, project controls, project engineering, cost, risk, and business management of multiple commercial waterproofing and fire prevention...For contractorsWork at officeFlexible hours- Crusoe Energy Systems in Denver, Colorado, is seeking a Supply Chain & Procurement Lead to manage the end-to-end supply chain for the SPARK product line. This role focuses on demand planning, risk management, BOM optimization, and supplier management. Candidates should have...
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Security Risk Management Lead. Be the first to apply!

