Remote Security Risk Management Lead
$165k - $225kAffirm
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security Risk Management team is evolving beyond traditional governance, risk, and compliance; we are building an engineering driven program that designs, automates, and scales the controls, workflows, and tooling that protect Affirm and our customers.
The ideal candidate will design, develop, configure, and implement solutions to complex technical and business problems across the Security Third Party Program and the broader Security Risk Management program. They are equally comfortable shaping policy and shipping automation using modern tooling (Python, Cursor, Claude, and other agentic coding platforms) to replace manual GRC work with scalable, code-defined workflows. They will operate as a subject matter expert, interface with business and engineering stakeholders, and play a key role in transforming Security Risk Management from a compliance oriented function into a security engineering discipline.
What You'll Do
- Lead and mature Affirm's Security Third Party Program, including the design, implementation, and continuous improvement of processes, controls, and operational workflows
- Build and maintain automation that replaces manual GRC tasks: intake, triage, evidence collection, control validation, tracking, escalations, and reporting, using either Python, low code platforms, and agentic coding tools (Cursor, Claude, etc.)
- Design and operate workflow orchestration and integrations across systems like ticketing, GRC platforms, vendor management tools, identity providers, and cloud control planes
- Partner closely with Procurement, Legal, Engineering, IT, Compliance, Privacy, and business stakeholders to assess and manage security risk across third party relationships
- Translate ambiguous business and security requirements into practical, scalable program solutions and decision frameworks
- Identify opportunities to automate manual processes across the program and prototype solutions yourself rather than waiting on an engineering backlog
- Drive program operational excellence by establishing repeatable processes, service-level expectations, metrics, and reporting for third party security risk management
- Evaluate third party security controls, cloud architectures (AWS/GCP), integration patterns, and risk posture, and provide clear recommendations to stakeholders and leadership
- Conduct light threat models on high risk integrations and partner with Security SMEs for deeper diligence
- Manage and prioritize a portfolio of complex security risk reviews and initiatives simultaneously, balancing business enablement with risk reduction
- Partner with technical teams to implement or optimize systems and tools that support program automation and workflow orchestration
- Develop dashboards, reporting mechanisms, and program insights (SQL, BI tools, or custom tooling) that improve visibility into risk trends, bottlenecks, and program performance
- Act as a trusted advisor and SME on third party security risk management, helping stakeholders make informed, risk based decisions
- Contribute to the broader Security Risk Management strategy by identifying opportunities to scale, simplify, and strengthen security governance processes through engineering
What We Look For
- 5+ years of experience in Information Security, Risk Management, Engineering and/or relevant roles
- Hands-on experience using agentic coding tools (Cursor, Claude Code, Copilot, etc.) and a working knowledge of Python; you don't need to be a software engineer, but you should be fluent enough to read, modify, and run scripts, build automations, and ship small tools end-to-end
- Familiarity with cloud environments (AWS, GCP, or Azure) — IAM, logging, common services, and the security risks/controls that apply to cloud-deployed third parties and integrations
- Excellent written and verbal communications skills
- Experience engineering solutions via Python, Claude, Cursor or other agentic coding tooling
- Experience with industry based information security & control frameworks (NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.)
- BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience
- Attention to detail and experience with security practices and security tooling
- Demonstrated ability to drive projects towards completion
- Ability to understand and communicate technical issues to non-technical teams
- Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.) is a plus
Base Pay Grade - L
Equity Grade - 5
Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills. Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)
USA Pacific base pay range (CA, WA, NY, NJ, CT) per year: $165,000 - $225,000
USA Sapphire base pay range (all other U.S. states) per year: $146,000 - $206,000
Please note that visa sponsorship is not available for this position.
#LI-Remote
Affirm is proud to be a remote-first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Affirmers in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affirm office. A limited number of roles remain office-based due to the nature of their job responsibilities.
We’re extremely proud to offer competitive benefits that are anchored to our core value of people come first. Some key highlights of our benefits package include:
- Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
- Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
- Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
- ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount
We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
[For U.S. positions that could be performed in Los Angeles or San Francisco] Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance, Affirm will consider for employment qualified applicants with arrest and conviction records.
By clicking "Submit Application," you acknowledge that you have read Affirm's Global Candidate Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.
- Overseeing the organization's Risk Management Framework (RMF) and Governance, Risk,... ...initiatives, the full-time RMF/GRC Program Lead will develop and maintain security policies, conduct risk assessments... ...metrics to senior leadership in a remote setting. Key responsibilities...Remote work
- ...a Counterintelligence/ Lead (CIL) to support a Federal... ...in order to perform management and coordination functions... ...travel to and between remote OCONUS location(s) in... ...Asset Validation and Asset Risk Management long course... ...support, training, security, and RD&E support solutions...Remote work
- ...commitment to quality . To us, security is an essential part of... ...approach to privacy and risk. As Compliance & Trust Lead at Linear, you'll partner... ...work mode Linear is a remote-first company. This role is... ...advantage Run our risk management program — identify emerging...Remote workLocal area
$114.08k - $218.03k
...Experience Owner Lead At USAA, our mission is to... ...members to achieve financial security through highly... .... USAA roles may offer remote or hybrid flexibility for... ...and salvage inventory management. This role partners closely... ..., and operational risk management related to the...Remote workH1bWork at officeFlexible hours- ...tactical execution. You will lead the CMMC readiness... ...guidance to senior management. You are responsible for... ...for client deliverables (Risk Assessments, SSPs, Executive... ...for both on‑site and remote engagements. Strategic... ...applicable to align security initiatives with business...Remote work
$142.3k - $195.7k
...capability inside our Offensive Security organization and are looking... ...its founding engineer. As Lead, Offensive Security (AI & Tooling... ..., and the NIST AI Risk Management Framework. Experience building... ...security rules of engagement. Remote Work & Internet Requirements...Remote workTemporary workHome office$145k - $180k
Lead Application Architect Location: Remote / Hybrid (On site-visits to the DMV location as required... ...in personnel security, Agile, DevOps, DevSecOps... ...Responsibilities Provide technical and management leadership across major... ..., quality assurance, risk management, and federal...Remote workFull timeContract workWork at office$132.5k - $218.3k
...employment. What You’ll Do The Lead Associate Principal, Security Assurance is responsible... ...Security teams to assess risk and requirements for new... ...OCC's Third Party Risk Management team, assisting with oversight... ...with local and remote OCC staff, management, vendors...Remote workLocal area2 days per week$20 per hour
...Field Lead Security Officer Date: Jun 24, 2026 Location: Moran, WY, US Company: Grand... ...violations, and other common calls in a remote National Park setting. The Field Lead... ...relate to security, loss prevention, risk management and safety concerns for both life and...Remote workFull timeSummer workSeasonal workShift work$143.32k - $273.93k
...members to achieve financial security through highly... .... USAA roles may offer remote or hybrid flexibility for... ...Financial Reporting Advisor Lead you will drive cross-... ...that lead to risk assessment, control selection... ...interactions with senior management, becoming their trusted...Remote workWork experience placementH1bWork at officeRelocation packageFlexible hours- Seeking a full-time Lead Security Architect, the successful candidate will design enterprise... ...Architecture principles while working remotely from Herndon, Virginia. Key... ...controls Provide critical input to the Risk Management Framework process and manage security...Remote work
$115.7k - $150.5k
...seeking a highly skilled Lead Program Performance Management Analyst to support our rapidly... ...is eligible for full-time remote. This key role requires a... ...EAC), Management Reserve, Risk and Opportunity Management... ...subject to a government security investigation and must...Remote workFull timeContract workTemporary workFor contractorsWork experience placementFor subcontractorCasual workLocal area$164.78k - $314.96k
...members to achieve financial security through highly competitive products... .... USAA roles may offer remote or hybrid flexibility for active... ...As a dedicated Bank Credit Risk Lead Analyst, you will leverage... ...and opportunities within the managed portfolio and translates results...Remote workH1bWork at officeRelocation packageFlexible hoursShift work- ...A leading fintech company is seeking a Chief Information Security Officer (CISO) to lead and enhance its enterprise security program. This fully remote role involves participating in strategic decision... ...communication skills and expertise in risk management. Competitive salary and...Remote work
$115.7k - $150.5k
...seeking a highly skilled Lead Data Informatics Analyst/Program Performance Management Analyst to support our... ...eligible for full-time remote work. This role... ...loading, and schedule risk analysis. Provide surge... ...subject to a government security investigation and must...Remote workFull timeTemporary workFor contractorsWork experience placementCasual workLocal area- Securitas Security Services USA, Inc. is seeking an Operational Risk Manager (ORM) to lead the regional efforts in operational risk mitigation and compliance. This hybrid... ...role will involve working from the office and remote while driving a culture of safety across multiple...Remote workWork at office
$140k - $165k
A leading building materials company is seeking an Americas Security Manager to oversee security operations across the U.S., Canada, and Mexico. This role involves risk assessment, crisis management, and the implementation of security strategies. Candidates should have...Remote job$140k - $160k
...solutions to complex national security issues. With over 50 years of... ...System Integration Team (SIT) Lead will provide support to the Team... ...Director (TD), Ship Design Manager (SDM), and Project Officer (PO... ...of wide activities including risk management, scheduling, strategic...Remote workWork at officeFlexible hours$120k - $140k
...additional costs. The world’s leading enterprises across a... ...businesses. The Application Security Lead reports to the IT Security Manager and works closely with... .... This role can be a remote position. Responsibilities... ...process to identify risk and security requirements...Remote workWork experience placementShift work- ...Description Job Description Supply Chain Risk Management (SCRM) Lead Falls Church, Virginia. Full-... .... This role coordinates vendor security assessments, establishes SCRM policies... ...Building, Falls Church, VA. No remote work options available. Standard business...Remote workFull timeContract workWork at office
- ...Inc. delivers customized medical and security risk management and wellbeing solutions to enable our... ...including freestanding surgical facilities in remote and austere environments, telemedicine... ...Key Responsibilities: Leads the team during the deployment. Responsible...Remote workMinimum wageFull timeFor contractorsWork at officeLocal areaShift work
$124.7k - $212.8k
...Bring your talents to Ross, our leading off-price retail chain with... ...PURPOSE: The Lead, Security Analysis is the senior member of the Cybersecurity Risk Management group responsible for leading... ...combination of in-office and remote work. #LI-Hybrid SUPERVISORY...Remote workWork at officeLocal areaOverseas$146.2k - $261.4k
...Research Lead - AI Cyber Testing & Evaluation RAND's Center on AI, Security, and Technology (CAST), part of the Global and Emerging Risks (GER) Division conducts cutting... ...be responsible for managing significant research... ...Development Program (CNODP), Remote Interactive Operator...Remote workWork experience placementWork from home- ...-first organization, the full-time remote AI & Automation Lead will manage the development and deployment of AI... ...and automation solutions, ensuring security and scalability while collaborating... ...understanding of their operational risks Familiarity with cloud...Remote work
- ...dignity, purpose, and security. If you’re looking to... ...collaborative, and innovative Lead, Program Evaluation -... ..., and experience managing complex, multi-site program... .... Report progress, risks, and decisions to R&E... ...plan ~ Hybrid remote work options ~ And more...Remote workTemporary work
$142.79k - $184k
...Required: NACI (T1) Job Family: Cyber and IT Risk Management Job Qualifications: Skills: Assessment... ...: Certified Information Systems Security Professional (CISSP) | International Information... ...Assessment & Authorization (SA&A) Lead Advance your career while impacting...Remote workFull timeTemporary workFor contractorsImmediate startWorldwideFlexible hours- ...currently seeking a Transition Lead (Transition Program... .../ big-bang) based on risk and service criticality... ..., RAID & Risk Management • Own transition governance... ...• Drive security, access, compliance, and... ...While many positions offer remote or hybrid work options,...Remote workWork at officeFlexible hoursShift work
$120k - $145k
...Springfield, VA (Primary performance location will be remote or at contractor site) Job Summary: The Task Lead for Internal Control Support Services (Business... ...) is responsible for overseeing and executing risk management and internal control assessments for TSA’s...Remote workFor contractors$139k - $220k
...operational efficiency, reduce security and compliance risk, and accelerate digital... ...organization comprises enablement leads serving the CRO business... ...field professionals and management. Exceptional written/... ...world. All of our roles are remote, however some roles may carry...Remote workHome office$130k - $160k
...incredible career at a leading science and technology... ...to work on cutting‑edge security projects and grow your... ...Security and will be USA Remote base. In this role, you... ...policy interpretation, risk mitigation strategies,... ...improvement of the policy management lifecycle, including...Remote workWork from homeFlexible hours
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Remote Security Risk Management Lead. Be the first to apply!


