Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Remote Security Risk Management Lead

$165k - $225k

Affirm

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security Risk Management team is evolving beyond traditional governance, risk, and compliance; we are building an engineering driven program that designs, automates, and scales the controls, workflows, and tooling that protect Affirm and our customers.

The ideal candidate will design, develop, configure, and implement solutions to complex technical and business problems across the Security Third Party Program and the broader Security Risk Management program. They are equally comfortable shaping policy and shipping automation using modern tooling (Python, Cursor, Claude, and other agentic coding platforms) to replace manual GRC work with scalable, code-defined workflows. They will operate as a subject matter expert, interface with business and engineering stakeholders, and play a key role in transforming Security Risk Management from a compliance oriented function into a security engineering discipline.

What You'll Do



  • Lead and mature Affirm's Security Third Party Program, including the design, implementation, and continuous improvement of processes, controls, and operational workflows

  • Build and maintain automation that replaces manual GRC tasks: intake, triage, evidence collection, control validation, tracking, escalations, and reporting, using either Python, low code platforms, and agentic coding tools (Cursor, Claude, etc.)

  • Design and operate workflow orchestration and integrations across systems like ticketing, GRC platforms, vendor management tools, identity providers, and cloud control planes

  • Partner closely with Procurement, Legal, Engineering, IT, Compliance, Privacy, and business stakeholders to assess and manage security risk across third party relationships

  • Translate ambiguous business and security requirements into practical, scalable program solutions and decision frameworks

  • Identify opportunities to automate manual processes across the program and prototype solutions yourself rather than waiting on an engineering backlog

  • Drive program operational excellence by establishing repeatable processes, service-level expectations, metrics, and reporting for third party security risk management

  • Evaluate third party security controls, cloud architectures (AWS/GCP), integration patterns, and risk posture, and provide clear recommendations to stakeholders and leadership

  • Conduct light threat models on high risk integrations and partner with Security SMEs for deeper diligence

  • Manage and prioritize a portfolio of complex security risk reviews and initiatives simultaneously, balancing business enablement with risk reduction

  • Partner with technical teams to implement or optimize systems and tools that support program automation and workflow orchestration

  • Develop dashboards, reporting mechanisms, and program insights (SQL, BI tools, or custom tooling) that improve visibility into risk trends, bottlenecks, and program performance

  • Act as a trusted advisor and SME on third party security risk management, helping stakeholders make informed, risk based decisions

  • Contribute to the broader Security Risk Management strategy by identifying opportunities to scale, simplify, and strengthen security governance processes through engineering

What We Look For


  • 5+ years of experience in Information Security, Risk Management, Engineering and/or relevant roles

  • Hands-on experience using agentic coding tools (Cursor, Claude Code, Copilot, etc.) and a working knowledge of Python; you don't need to be a software engineer, but you should be fluent enough to read, modify, and run scripts, build automations, and ship small tools end-to-end

  • Familiarity with cloud environments (AWS, GCP, or Azure) — IAM, logging, common services, and the security risks/controls that apply to cloud-deployed third parties and integrations

  • Excellent written and verbal communications skills

  • Experience engineering solutions via Python, Claude, Cursor or other agentic coding tooling

  • Experience with industry based information security & control frameworks (NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.)

  • BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience

  • Attention to detail and experience with security practices and security tooling

  • Demonstrated ability to drive projects towards completion

  • Ability to understand and communicate technical issues to non-technical teams

  • Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.) is a plus

Base Pay Grade - L

Equity Grade - 5

Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills. Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)

USA Pacific base pay range (CA, WA, NY, NJ, CT) per year: $165,000 - $225,000

USA Sapphire base pay range (all other U.S. states) per year: $146,000 - $206,000

Please note that visa sponsorship is not available for this position.

#LI-Remote


 


Affirm is proud to be a remote-first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Affirmers in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affirm office. A limited number of roles remain office-based due to the nature of their job responsibilities.

We’re extremely proud to offer competitive benefits that are anchored to our core value of people come first. Some key highlights of our benefits package include: 


  • Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents 

  • Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses

  • Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge

  • ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount

We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.

[For U.S. positions that could be performed in Los Angeles or San Francisco] Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance, Affirm will consider for employment qualified applicants with arrest and conviction records.


By clicking "Submit Application," you acknowledge that you have read Affirm's  Global Candidate Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.

Vacancy posted a month ago
Similar jobs that could be interesting for youBased on the Remote Security Risk Management Lead in Mesa, AZ vacancy
  • Overseeing the organization's Risk Management Framework (RMF) and Governance, Risk,...  ...initiatives, the full-time RMF/GRC Program Lead will develop and maintain security policies, conduct risk assessments...  ...metrics to senior leadership in a remote setting. Key responsibilities... 
    Remote work

    VirtualVocations

    Amarillo, TX
    2 days ago
  •  ...a Counterintelligence/ Lead (CIL) to support a Federal...  ...in order to perform management and coordination functions...  ...travel to and between remote OCONUS location(s) in...  ...Asset Validation and Asset Risk Management long course...  ...support, training, security, and RD&E support solutions... 
    Remote work

    Prescient Edge

    Jacksonville, NC
    10 hours ago
  •  ...commitment to quality . To us, security is an essential part of...  ...approach to privacy and risk. As Compliance & Trust Lead at Linear, you'll partner...  ...work mode Linear is a remote-first company. This role is...  ...advantage Run our risk management program — identify emerging... 
    Remote work
    Local area

    Linear

    San Antonio, TX
    23 days ago
  • $114.08k - $218.03k

     ...Experience Owner Lead At USAA, our mission is to...  ...members to achieve financial security through highly...  .... USAA roles may offer remote or hybrid flexibility for...  ...and salvage inventory management. This role partners closely...  ..., and operational risk management related to the... 
    Remote work
    H1b
    Work at office
    Flexible hours

    USAA

    Chesapeake, VA
    4 days ago
  •  ...tactical execution. You will lead the CMMC readiness...  ...guidance to senior management. You are responsible for...  ...for client deliverables (Risk Assessments, SSPs, Executive...  ...for both on‑site and remote engagements. Strategic...  ...applicable to align security initiatives with business... 
    Remote work

    The ProActive Technology Group

    New York, NY
    2 days ago
  • $142.3k - $195.7k

     ...capability inside our Offensive Security organization and are looking...  ...its founding engineer. As Lead, Offensive Security (AI & Tooling...  ..., and the NIST AI Risk Management Framework. Experience building...  ...security rules of engagement. Remote Work & Internet Requirements... 
    Remote work
    Temporary work
    Home office

    Humana Inc

    Brooklyn, NY
    1 day ago
  • $145k - $180k

    Lead Application Architect Location: Remote / Hybrid (On site-visits to the DMV location as required...  ...in personnel security, Agile, DevOps, DevSecOps...  ...Responsibilities Provide technical and management leadership across major...  ..., quality assurance, risk management, and federal... 
    Remote work
    Full time
    Contract work
    Work at office

    Iworks

    New York, NY
    3 days ago
  • $132.5k - $218.3k

     ...employment. What You’ll Do The Lead Associate Principal, Security Assurance is responsible...  ...Security teams to assess risk and requirements for new...  ...OCC's Third Party Risk Management team, assisting with oversight...  ...with local and remote OCC staff, management, vendors... 
    Remote work
    Local area
    2 days per week

    The Options Clearing Corporation

    Chicago, IL
    10 hours ago
  • $20 per hour

     ...Field Lead Security Officer Date: Jun 24, 2026 Location: Moran, WY, US Company: Grand...  ...violations, and other common calls in a remote National Park setting. The Field Lead...  ...relate to security, loss prevention, risk management and safety concerns for both life and... 
    Remote work
    Full time
    Summer work
    Seasonal work
    Shift work

    Vail Resorts

    Moran, WY
    1 day ago
  • $143.32k - $273.93k

     ...members to achieve financial security through highly...  .... USAA roles may offer remote or hybrid flexibility for...  ...Financial Reporting Advisor Lead you will drive cross-...  ...that lead to risk assessment, control selection...  ...interactions with senior management, becoming their trusted... 
    Remote work
    Work experience placement
    H1b
    Work at office
    Relocation package
    Flexible hours

    USAA

    United States
    1 day ago
  • Seeking a full-time Lead Security Architect, the successful candidate will design enterprise...  ...Architecture principles while working remotely from Herndon, Virginia. Key...  ...controls Provide critical input to the Risk Management Framework process and manage security... 
    Remote work

    VirtualVocations

    Fremont, CA
    8 days ago
  • $115.7k - $150.5k

     ...seeking a highly skilled Lead Program Performance Management Analyst to support our rapidly...  ...is eligible for full-time remote. This key role requires a...  ...EAC), Management Reserve, Risk and Opportunity Management...  ...subject to a government security investigation and must... 
    Remote work
    Full time
    Contract work
    Temporary work
    For contractors
    Work experience placement
    For subcontractor
    Casual work
    Local area

    Saab, Inc.

    New York, NY
    3 days ago
  • $164.78k - $314.96k

     ...members to achieve financial security through highly competitive products...  .... USAA roles may offer remote or hybrid flexibility for active...  ...As a dedicated Bank Credit Risk Lead Analyst, you will leverage...  ...and opportunities within the managed portfolio and translates results... 
    Remote work
    H1b
    Work at office
    Relocation package
    Flexible hours
    Shift work

    USAA

    Colorado Springs, CO
    6 days ago
  •  ...A leading fintech company is seeking a Chief Information Security Officer (CISO) to lead and enhance its enterprise security program. This fully remote role involves participating in strategic decision...  ...communication skills and expertise in risk management. Competitive salary and... 
    Remote work

    The Security Executive Council

    Jacksonville, FL
    10 hours ago
  • $115.7k - $150.5k

     ...seeking a highly skilled Lead Data Informatics Analyst/Program Performance Management Analyst to support our...  ...eligible for full-time remote work. This role...  ...loading, and schedule risk analysis. Provide surge...  ...subject to a government security investigation and must... 
    Remote work
    Full time
    Temporary work
    For contractors
    Work experience placement
    Casual work
    Local area

    Saab Automobile AB

    United States
    4 days ago
  • Securitas Security Services USA, Inc. is seeking an Operational Risk Manager (ORM) to lead the regional efforts in operational risk mitigation and compliance. This hybrid...  ...role will involve working from the office and remote while driving a culture of safety across multiple... 
    Remote work
    Work at office

    Securitas Security Services USA, Inc.

    Providence, RI
    10 hours ago
  • $140k - $165k

    A leading building materials company is seeking an Americas Security Manager to oversee security operations across the U.S., Canada, and Mexico. This role involves risk assessment, crisis management, and the implementation of security strategies. Candidates should have... 
    Remote job

    CRH

    Phoenix, AZ
    3 days ago
  • $140k - $160k

     ...solutions to complex national security issues. With over 50 years of...  ...System Integration Team (SIT) Lead will provide support to the Team...  ...Director (TD), Ship Design Manager (SDM), and Project Officer (PO...  ...of wide activities including risk management, scheduling, strategic... 
    Remote work
    Work at office
    Flexible hours

    Arenatechnologies

    Washington DC
    1 day ago
  • $120k - $140k

     ...additional costs. The world’s leading enterprises across a...  ...businesses. The Application Security Lead reports to the IT Security Manager and works closely with...  .... This role can be a remote position. Responsibilities...  ...process to identify risk and security requirements... 
    Remote work
    Work experience placement
    Shift work

    Vistex BKV

    Hoffman Estates, IL
    12 days ago
  •  ...Description Job Description Supply Chain Risk Management (SCRM) Lead Falls Church, Virginia. Full-...  .... This role coordinates vendor security assessments, establishes SCRM policies...  ...Building, Falls Church, VA. No remote work options available. Standard business... 
    Remote work
    Full time
    Contract work
    Work at office

    ZTI Solutions, LLC

    Falls Church, VA
    a month ago
  •  ...Inc. delivers customized medical and security risk management and wellbeing solutions to enable our...  ...including freestanding surgical facilities in remote and austere environments, telemedicine...  ...Key Responsibilities: Leads the team during the deployment. Responsible... 
    Remote work
    Minimum wage
    Full time
    For contractors
    Work at office
    Local area
    Shift work

    International SOS Government Medical Services

    Sarasota, FL
    10 hours ago
  • $124.7k - $212.8k

     ...Bring your talents to Ross, our leading off-price retail chain with...  ...PURPOSE: The Lead, Security Analysis is the senior member of the Cybersecurity Risk Management group responsible for leading...  ...combination of in-office and remote work. #LI-Hybrid SUPERVISORY... 
    Remote work
    Work at office
    Local area
    Overseas

    Ross Stores

    Dublin, CA
    1 day ago
  • $146.2k - $261.4k

     ...Research Lead - AI Cyber Testing & Evaluation RAND's Center on AI, Security, and Technology (CAST), part of the Global and Emerging Risks (GER) Division conducts cutting...  ...be responsible for managing significant research...  ...Development Program (CNODP), Remote Interactive Operator... 
    Remote work
    Work experience placement
    Work from home

    Employment Opportunities

    Boston, MA
    more than 2 months ago
  •  ...-first organization, the full-time remote AI & Automation Lead will manage the development and deployment of AI...  ...and automation solutions, ensuring security and scalability while collaborating...  ...understanding of their operational risks Familiarity with cloud... 
    Remote work

    VirtualVocations

    Naples, FL
    8 days ago
  •  ...dignity, purpose, and security. If you’re looking to...  ...collaborative, and innovative Lead, Program Evaluation -...  ..., and experience managing complex, multi-site program...  .... Report progress, risks, and decisions to R&E...  ...plan ~ Hybrid remote work options ~ And more... 
    Remote work
    Temporary work

    National Council on Aging

    Wheeling, WV
    10 hours ago
  • $142.79k - $184k

     ...Required: NACI (T1) Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Assessment...  ...: Certified Information Systems Security Professional (CISSP) | International Information...  ...Assessment & Authorization (SA&A) Lead Advance your career while impacting... 
    Remote work
    Full time
    Temporary work
    For contractors
    Immediate start
    Worldwide
    Flexible hours

    General Dynamics Information Technology

    Rockville, MD
    1 day ago
  •  ...currently seeking a Transition Lead (Transition Program...  .../ big-bang) based on risk and service criticality...  ..., RAID & Risk Management •    Own transition governance...  ...•    Drive security, access, compliance, and...  ...While many positions offer remote or hybrid work options,... 
    Remote work
    Work at office
    Flexible hours
    Shift work

    NTT DATA, Inc.

    Indiana
    12 days ago
  • $120k - $145k

     ...Springfield, VA (Primary performance location will be remote or at contractor site)  Job Summary:  The Task Lead for Internal Control Support Services (Business...  ...) is responsible for overseeing and executing risk management and internal control assessments for TSA’s... 
    Remote work
    For contractors

    Launchpointpeo

    Chicago, IL
    1 day ago
  • $139k - $220k

     ...operational efficiency, reduce security and compliance risk, and accelerate digital...  ...organization comprises enablement leads serving the CRO business...  ...field professionals and management. Exceptional written/...  ...world. All of our roles are remote, however some roles may carry... 
    Remote work
    Home office

    Gitlab

    Fort Worth, TX
    8 days ago
  • $130k - $160k

     ...incredible career at a leading science and technology...  ...to work on cutting‑edge security projects and grow your...  ...Security and will be USA Remote base. In this role, you...  ...policy interpretation, risk mitigation strategies,...  ...improvement of the policy management lifecycle, including... 
    Remote work
    Work from home
    Flexible hours

    Danaher Corporation

    New York, NY
    10 hours ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Remote Security Risk Management Lead. Be the first to apply!