Senior Manager, Security Risk Management
WFA Digital Insight
The demand for skilled security professionals has never been higher, with companies like Affirm investing heavily in security governance and risk management. As remote work continues to grow, the need for experts who can mitigate third-party risks and ensure compliance has increased by 25% in the last year alone. With Affirm's commitment to honest and transparent financial services, this role offers a unique opportunity to make a real impact. Candidates should be prepared to demonstrate their expertise in security governance, risk management, and team leadership.
Job Description
About the Role
The Senior Manager, Security Risk Management, will play a critical role in leading Affirm's security governance and third-party risk management function. This role requires a seasoned professional with expertise in security policy development, risk management, and team leadership. The ideal candidate will have a strong understanding of security frameworks, such as NIST CSF and ISO 27001, and experience in managing third-party risk.
The Senior Manager will be responsible for developing and implementing security policies, standards, and control frameworks, as well as leading the security governance and third-party risk management functions. This will include managing the security risk posture, tightening governance and fourth-party oversight, and improving tooling and automation adoption.
The successful candidate will have experience in managing high-performing teams, developing and executing program strategies, and driving operational excellence. They will also have excellent communication and stakeholder management skills, with the ability to represent Security in executive forums, audit meetings, and regulatory engagements.
What You Will Do
- Own Security Governance: maintain and evolve security policies, standards, and control frameworks, including mapping to controls and compliance requirements
- Lead program maturity planning, roadmaps, and cross-functional governance forums
- Define and enforce security risk appetite and decision criteria for third-party relationships and integrations
- Lead the Security TPRM function across the vendor lifecycle: intake/onboarding, due diligence, contracting handoffs, ongoing monitoring, periodic reviews, and offboarding
- Ensure robust fourth-party oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators
- Oversee high-risk vendor decisions and escalations; establish a clear RACI for partnership contracts and security acceptance criteria
- Own program KPIs, dashboards, and reporting; drive improvements in throughput, turnaround, backlog age, and remediation velocity
- Partner with Automation/TPRM Ops to operationalize threat-modeling outputs, integration inventories, pre-integration gates, and CI/CD checks
- Implement and maintain QA processes, runbooks, SOPs for ticket ownership, and evidence standards
- Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale
- Act as the primary security contact for Legal, Procurement, Privacy, Product, and Engineering on vendor risk and governance matters
What We Are Looking For
- 8+ years of experience in security governance, risk management, or a related field
- Proven experience in managing third-party risk and security governance programs
- Strong understanding of security frameworks, such as NIST CSF and ISO 27001
- Experience in managing high-performing teams and developing program strategies
- Excellent communication and stakeholder management skills
- Ability to represent Security in executive forums, audit meetings, and regulatory engagements
- Strong analytical and problem-solving skills
- Experience with Excel and other productivity tools
Nice to Have
- Experience in cloud security, particularly AWS or Azure
- Knowledge of compliance frameworks and standards, such as SOC 2 and PCI DSS
- Experience with scripting languages for automation, such as Python or PowerShell
- Certification in security governance or risk management, such as CISM or CRISC
Benefits and Perks
- Competitive salary and benefits package
- Opportunity to work with a fast-growing and innovative company
- Collaborative and dynamic work environment
- Professional development opportunities, including training and certification programs
- Flexible work arrangements, including remote work options
- Access to the latest technology and tools
- Recognition and rewards for outstanding performance
How to Stand Out
- To stand out as a candidate, make sure to highlight your experience in security governance and third-party risk management in your resume and cover letter.
- Be prepared to discuss your approach to managing security risk and your experience with security frameworks, such as NIST CSF and ISO 27001.
- Showcasing your ability to communicate complex security concepts to non-technical stakeholders will be valuable in this role.
- Familiarize yourself with Affirm's products and services, and be prepared to discuss how you can contribute to the company's mission.
- Consider creating a portfolio that demonstrates your experience in managing security programs and leading high-performing teams.
This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere.