Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Remote Security Risk Management Lead

$165k - $225k

Affirm

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security Risk Management team is evolving beyond traditional governance, risk, and compliance; we are building an engineering driven program that designs, automates, and scales the controls, workflows, and tooling that protect Affirm and our customers.

The ideal candidate will design, develop, configure, and implement solutions to complex technical and business problems across the Security Third Party Program and the broader Security Risk Management program. They are equally comfortable shaping policy and shipping automation using modern tooling (Python, Cursor, Claude, and other agentic coding platforms) to replace manual GRC work with scalable, code-defined workflows. They will operate as a subject matter expert, interface with business and engineering stakeholders, and play a key role in transforming Security Risk Management from a compliance oriented function into a security engineering discipline.

What You'll Do



  • Lead and mature Affirm's Security Third Party Program, including the design, implementation, and continuous improvement of processes, controls, and operational workflows

  • Build and maintain automation that replaces manual GRC tasks: intake, triage, evidence collection, control validation, tracking, escalations, and reporting, using either Python, low code platforms, and agentic coding tools (Cursor, Claude, etc.)

  • Design and operate workflow orchestration and integrations across systems like ticketing, GRC platforms, vendor management tools, identity providers, and cloud control planes

  • Partner closely with Procurement, Legal, Engineering, IT, Compliance, Privacy, and business stakeholders to assess and manage security risk across third party relationships

  • Translate ambiguous business and security requirements into practical, scalable program solutions and decision frameworks

  • Identify opportunities to automate manual processes across the program and prototype solutions yourself rather than waiting on an engineering backlog

  • Drive program operational excellence by establishing repeatable processes, service-level expectations, metrics, and reporting for third party security risk management

  • Evaluate third party security controls, cloud architectures (AWS/GCP), integration patterns, and risk posture, and provide clear recommendations to stakeholders and leadership

  • Conduct light threat models on high risk integrations and partner with Security SMEs for deeper diligence

  • Manage and prioritize a portfolio of complex security risk reviews and initiatives simultaneously, balancing business enablement with risk reduction

  • Partner with technical teams to implement or optimize systems and tools that support program automation and workflow orchestration

  • Develop dashboards, reporting mechanisms, and program insights (SQL, BI tools, or custom tooling) that improve visibility into risk trends, bottlenecks, and program performance

  • Act as a trusted advisor and SME on third party security risk management, helping stakeholders make informed, risk based decisions

  • Contribute to the broader Security Risk Management strategy by identifying opportunities to scale, simplify, and strengthen security governance processes through engineering

What We Look For


  • 5+ years of experience in Information Security, Risk Management, Engineering and/or relevant roles

  • Hands-on experience using agentic coding tools (Cursor, Claude Code, Copilot, etc.) and a working knowledge of Python; you don't need to be a software engineer, but you should be fluent enough to read, modify, and run scripts, build automations, and ship small tools end-to-end

  • Familiarity with cloud environments (AWS, GCP, or Azure) — IAM, logging, common services, and the security risks/controls that apply to cloud-deployed third parties and integrations

  • Excellent written and verbal communications skills

  • Experience engineering solutions via Python, Claude, Cursor or other agentic coding tooling

  • Experience with industry based information security & control frameworks (NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.)

  • BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience

  • Attention to detail and experience with security practices and security tooling

  • Demonstrated ability to drive projects towards completion

  • Ability to understand and communicate technical issues to non-technical teams

  • Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.) is a plus

Base Pay Grade - L

Equity Grade - 5

Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills. Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)

USA Pacific base pay range (CA, WA, NY, NJ, CT) per year: $165,000 - $225,000

USA Sapphire base pay range (all other U.S. states) per year: $146,000 - $206,000

Please note that visa sponsorship is not available for this position.

#LI-Remote


 


Affirm is proud to be a remote-first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Affirmers in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affirm office. A limited number of roles remain office-based due to the nature of their job responsibilities.

We’re extremely proud to offer competitive benefits that are anchored to our core value of people come first. Some key highlights of our benefits package include: 


  • Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents 

  • Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses

  • Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge

  • ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount

We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.

[For U.S. positions that could be performed in Los Angeles or San Francisco] Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance, Affirm will consider for employment qualified applicants with arrest and conviction records.


By clicking "Submit Application," you acknowledge that you have read Affirm's  Global Candidate Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.

Vacancy posted 29 days ago
Similar jobs that could be interesting for youBased on the Remote Security Risk Management Lead in San Antonio, TX vacancy
  • Overseeing the organization's Risk Management Framework (RMF) and Governance, Risk,...  ...initiatives, the full-time RMF/GRC Program Lead will develop and maintain security policies, conduct risk assessments...  ...metrics to senior leadership in a remote setting. Key responsibilities... 
    Remote work

    VirtualVocations

    Virginia Beach, VA
    1 day ago
  •  ...a Counterintelligence/ Lead (CIL) to support a Federal...  ...in order to perform management and coordination functions...  ...travel to and between remote OCONUS location(s) in...  ...Asset Validation and Asset Risk Management long course...  ...support, training, security, and RD&E support solutions... 
    Remote work

    Prescient Edge

    Jacksonville, NC
    4 days ago
  •  ...commitment to quality . To us, security is an essential part of...  ...approach to privacy and risk. As Compliance & Trust Lead at Linear, you'll partner...  ...work mode Linear is a remote-first company. This role is...  ...advantage Run our risk management program — identify emerging... 
    Remote work
    Local area

    Linear

    Boston, MA
    22 days ago
  • Leading the authorization integrity of a complex multi-tenant cloud platform, the full-time remote Information System Security Officer Lead will manage Authorization to Operate (ATO) and Approval to Connect (...  ...preferred Expert knowledge of NIST Risk Management Framework (RMF)... 
    Remote work

    VirtualVocations

    Phoenix, AZ
    5 days ago
  • $165k - $225k

     ...compounding interest. Affirm values security as being critical to the...  ...products. The Security Risk Management team is evolving beyond traditional...  .... What You'll Do Lead and mature Affirm's Security...  ...for this position. #LI-Remote   Affirm is proud to... 
    Remote work
    Work at office
    Flexible hours

    Affirm

    Atlanta, GA
    29 days ago
  • Centene Corporation is seeking a Senior Manager, Privacy & Security Lead Regulatory Analyst Team to oversee a team responsible for managing privacy, security, and compliance risk management. You will translate complex regulatory requirements into actionable insights while... 
    Remote job

    Centene Corporation

    New York, NY
    1 day ago
  •  ...Temporary (Contract) Site: Hybrid Remote Travel:Less than 10% We are seeking an experienced Security Assessment & Authorization (SA&A) Lead to manage and oversee the development, execution...  ...(ATO) packages, implementing the Risk Management Framework (RMF), and ensuring... 
    Remote work
    Full time
    Temporary work

    Digital Global Connectors

    Mc Lean, VA
    5 days ago
  • GuidePoint Security provides trusted cybersecurity expertise...  ...decisions and minimize risk. By taking a three-...  ...risk. The Team Lead - Data Security serves...  ...CASB, and insider risk management tools across client environments...  .... Some added perks Remote workforce primarily (U.... 
    Remote job
    Flexible hours

    GuidePoint Security

    Boston, MA
    1 day ago
  • Information Intel and Defense Lead Requisition ID: req1389...  ...Division: Information Security Office Compensation:...  ...remediation, and patch management. Performs security...  ...and fetching/processing remote data). Verifies implementation...  .... Supports security risk assessments, audits,... 
    Remote work
    Full time
    Work at office

    Teacher Retirement System of Texas

    Austin, TX
    4 days ago
  • $145k - $180k

    Lead Application Architect Location: Remote / Hybrid (On site-visits to the DMV location as required...  ...in personnel security, Agile, DevOps, DevSecOps...  ...Responsibilities Provide technical and management leadership across major...  ..., quality assurance, risk management, and federal... 
    Remote work
    Full time
    Contract work
    Work at office

    Iworks

    New York, NY
    2 days ago
  • $142.3k - $195.7k

     ...capability inside our Offensive Security organization, and we're...  ...for its founding engineer. As Lead, Offensive Security (AI & Tooling...  ...Bigger Picture Join a 100% remote, highly specialized offensive...  ...Applications, and the NIST AI Risk Management Framework. Model Context... 
    Remote work
    Weekly pay
    Full time
    Temporary work
    For contractors
    Work at office
    Work from home
    Home office

    Humana

    Kentucky
    4 days ago
  • $132.5k - $218.3k

     ...employment. What You’ll Do The Lead Associate Principal, Security Assurance is responsible...  ...Security teams to assess risk and requirements for new...  ...OCC's Third Party Risk Management team, assisting with oversight...  ...with local and remote OCC staff, management, vendors... 
    Remote work
    Local area
    2 days per week

    The Options Clearing Corporation

    Dallas, TX
    4 days ago
  • $90k

     ...Open Source Analyst, Team Lead Are you interested in joining...  ...global reach? At Concentric, "We Manage Risk Everywhere to Keep People...  ...management, executive protection, security operations, or business...  ...CA! This position allows for remote work within the United States... 
    Remote work
    Currently hiring
    Local area
    Immediate start
    Monday to Friday
    Night shift
    Weekend work
    Day shift

    Concentric Advisors

    Mountain View, CA
    1 day ago
  • $20 per hour

     ...Field Lead Security Officer Date: Jun 24, 2026 Location: Moran, WY, US Company: Grand...  ...violations, and other common calls in a remote National Park setting. The Field Lead...  ...relate to security, loss prevention, risk management and safety concerns for both life and... 
    Remote work
    Full time
    Summer work
    Seasonal work
    Shift work

    Vail Resorts

    Moran, WY
    13 hours ago
  • $143.32k - $273.93k

     ...members to achieve financial security through highly...  .... USAA roles may offer remote or hybrid flexibility for...  ...Financial Reporting Advisor Lead you will drive cross-...  ...that lead to risk assessment, control selection...  ...interactions with senior management, becoming their trusted... 
    Remote work
    Work experience placement
    H1b
    Work at office
    Relocation package
    Flexible hours

    USAA

    United States
    13 hours ago
  • Seeking a full-time Lead Security Architect, the successful candidate will design enterprise...  ...Architecture principles while working remotely from Herndon, Virginia. Key...  ...controls Provide critical input to the Risk Management Framework process and manage security... 
    Remote work

    VirtualVocations

    Lubbock, TX
    7 days ago
  • $115.7k - $150.5k

     ...seeking a highly skilled Lead Program Performance Management Analyst to support our rapidly...  ...is eligible for full-time remote. This key role requires a...  ...EAC), Management Reserve, Risk and Opportunity Management...  ...subject to a government security investigation and must... 
    Remote work
    Full time
    Contract work
    Temporary work
    For contractors
    Work experience placement
    For subcontractor
    Casual work
    Local area

    Saab, Inc.

    Phoenix, AZ
    2 days ago
  • $164.78k - $314.96k

     ...members to achieve financial security through highly competitive products...  .... USAA roles may offer remote or hybrid flexibility for active...  ...As a dedicated Bank Credit Risk Lead Analyst, you will leverage...  ...and opportunities within the managed portfolio and translates results... 
    Remote work
    H1b
    Work at office
    Relocation package
    Flexible hours
    Shift work

    USAA

    Colorado Springs, CO
    5 days ago
  •  ...A leading fintech company is seeking a Chief Information Security Officer (CISO) to lead and enhance its enterprise security program. This fully remote role involves participating in strategic decision...  ...communication skills and expertise in risk management. Competitive salary and... 
    Remote work

    The Security Executive Council

    Jacksonville, FL
    4 days ago
  • $115.7k - $150.5k

     ...Lead Data Informatics Analyst / Lead Program Performance...  .../Program Performance Management Analyst to support our...  ...eligible for full-time remote work. This role...  ...loading, and schedule risk analysis. Provide surge...  ...subject to a government security investigation and must... 
    Remote work
    Full time
    Temporary work
    For contractors
    Work experience placement
    Casual work
    Local area

    SAAB

    Baldwinsville, NY
    2 days ago
  • Securitas Security Services USA, Inc. is seeking an Operational Risk Manager (ORM) to lead the regional efforts in operational risk mitigation and compliance. This hybrid...  ...role will involve working from the office and remote while driving a culture of safety across multiple... 
    Remote work
    Work at office

    Securitas Security Services USA, Inc.

    Providence, RI
    4 days ago
  • $140k - $165k

    A leading building materials company is seeking an Americas Security Manager to oversee security operations across the U.S., Canada, and Mexico. This role involves risk assessment, crisis management, and the implementation of security strategies. Candidates should have... 
    Remote job

    CRH

    Phoenix, AZ
    2 days ago
  • $112.4k - $187.4k

     ...experienced and forward‑looking Security Technologies Leader to...  ...awareness, enable proactive risk management, and support timely, effective...  ...and incident management tools. Lead the design, evaluation, deployment...  ...No Work Location This is a remote position. Application... 
    Remote work
    Worldwide
    Relocation package

    GE Vernova

    Boston, MA
    3 days ago
  • $117.3k - $226.9k

     ...missions across the national security space (NSS) enterprise. DSG is...  ...-based navigation. We are leading the architecting, acquisition...  ...interaction with Aerospace senior management and experience in a program...  ...of new capabilities, risk management, and program execution... 
    Remote work
    Full time
    For contractors
    Work at office
    Immediate start
    Relocation package
    Flexible hours

    Dormont Manufacturing Co

    Los Angeles, CA
    5 days ago
  • $171.4k - $257.1k

    ## Enterprise Management and Control (EM&C) Program LeadApplylocations...  ...missions across the national security space (NSS) enterprise. DSG...  ...systems. The **EM&C Program Lead** will report to the Systems...  ...and Aerospace leadership on risks, issues, opportunities and develop... 
    Remote work
    Full time
    For contractors
    Work at office
    Immediate start
    Relocation package
    Flexible hours

    The Aerospace Corporation

    El Segundo, CA
    4 days ago
  • $120k - $140k

     ...additional costs. The world’s leading enterprises across a...  ...businesses. The Application Security Lead reports to the IT Security Manager and works closely with...  .... This role can be a remote position. Responsibilities...  ...process to identify risk and security requirements... 
    Remote work
    Work experience placement
    Shift work

    Vistex BKV

    Hoffman Estates, IL
    11 days ago
  •  ...Description Job Description Supply Chain Risk Management (SCRM) Lead Falls Church, Virginia. Full-...  .... This role coordinates vendor security assessments, establishes SCRM policies...  ...Building, Falls Church, VA. No remote work options available. Standard business... 
    Remote work
    Full time
    Contract work
    Work at office

    ZTI Solutions, LLC

    Falls Church, VA
    a month ago
  •  ...Inc. delivers customized medical and security risk management and wellbeing solutions to enable our...  ...including freestanding surgical facilities in remote and austere environments, telemedicine...  ...Key Responsibilities: Leads the team during the deployment. Responsible... 
    Remote work
    Minimum wage
    Full time
    For contractors
    Work at office
    Local area
    Shift work

    International SOS Government Medical Services

    Sarasota, FL
    4 days ago
  • $150k - $350k

     ...Lead Advisor Opportunity Ready to make a meaningful impact...  ...designs, implements and manages the wealth management plan...  ...Planning, Tax Planning, Risk Management, and General Planning...  ...and will be considered remote until an office space is secured. Brighton Jones is a 'work... 
    Remote work
    Summer work
    Work at office
    Local area
    Flexible hours

    Brighton Jones

    Fort Lauderdale, FL
    17 days ago
  •  ...one of the two greatest global risks of our time and the human...  ...organisations still rely on legacy security awareness training that fails...  ...the world’s first Human Risk Management platform, placing people,...  ...and EMEA regions. Backed by leading European investors including... 
    Remote job
    Full time
    Work at office
    3 days per week

    Outthink Limited

    Florida, NY
    1 day ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Remote Security Risk Management Lead. Be the first to apply!