Security Risk Management Specialist II

Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security Risk Management team builds and deploys common governance, risk, and compliance processes and controls, conducts audits, and ensures that technologies and business processes are built with data protection and risk management in mind.

As a member of the Information Security team at Affirm, you will be joining a team of fun, passionate and highly skilled individuals who like solving security challenges and enjoy learning new skills. We partner together with a team-first mindset and are keen on redefining security in the fintech space.

What you’ll do

We are seeking a highly motivated, technically proficient Security Risk Management Specialist. In this role, you will play a crucial part in identifying, assessing, and mitigating security risks across Affirm's infrastructure and applications and use this knowledge to help maintain and update the security risk register, ensuring all risks are accurately documented, tracked, and managed. This role requires a strong understanding of security risk management principles, analytical skills, and interest in data analysis.

• Data Structuring & Management: Help develop and maintain data structures to support risk quantification, analysis, reporting, and decision-making. Ensure data accuracy and integrity.

• Reporting & Visualization: Create dashboards and reports to communicate security risk metrics and insights to stakeholders. Visualize data to identify trends and patterns.

• Process Improvement: Identify opportunities to improve security risk management processes and help implement solutions that enhance efficiency and effectiveness.

• Metrics & KRI Development: Collaborate to define, develop, and maintain a suite of risk metrics and KRIs. Continuously monitor these indicators to track changes in risk exposure and trigger timely action when thresholds are breached.

• Data Analysis & Reporting: Collect and analyze risk-related data from multiple sources to help identify trends and insights. Create clear, concise risk reports and dashboards for senior management, using data visualization tools and SQL queries to support evidence-based decision-making.

• Automation & Tools: Leverage technical skills to streamline Security Risk Management processes. For example, build integrations and automation (such as AWS Lambda functions or custom scripts) that pull data via API calls from various systems to update risk dashboards or compliance reports in real-time.

• Security Monitoring: Support activities of security and engineering teams, analyze risk and security controls assessments to determine their alignment with regulatory requirements, and actively participate in security audit and remediation activities.

• Cross-Functional Collaboration: Work closely with departments such as IT, Information Security, Engineering, and Finance to establish controls and processes that align with Security Risk Management objectives. Provide guidance and training to process owners on risk management and compliance requirements. 

What we look for

• Builder mentality with a passion for creating innovative solutions.

• Strong problem-solving and data analysis skills.

• Excellent communication and presentation skills.

• 3+ years of experience in Security Risk Management, audit or compliance risk management, or a related role.

• Familiarity with security risk management and compliance frameworks (e.g. NIST, ISO 27001, PCI).

• Bachelor's degree in Computer Science, Information Security, or a related field.

Preferred Qualifications

• Technical Proficiency: Experience with scripting or programming to automate tasks (e.g., Python or similar). Familiarity with building API calls to integrate different systems or data sources into risk management tools. Hands-on experience with Lambda functions or similar serverless technologies. Experience with cloud security (AWS, GCP, Azure). Experience with SQL and querying databases.

• Experience with data visualization tools (e.g., Sigma, Tableau, Power BI).

• Certifications such as CISSP, CISA, or CRISC.

Pay Grade - J
Equity Grade - 4
Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.
Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)
USA base pay range (CA, WA, NY, NJ, CT) per year: $130,000 - $170,000
USA base pay range (all other U.S. states) per year: $115,000 - $155,000
Please note that visa sponsorship is not available for this position.
#LI-Remote