Opportunities at Craft portfolio companies


IT Security Risk Management Lead



United States · Remote
Posted on Tuesday, July 2, 2024

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

We are seeking a Security Risk Management Lead to join our Security Risk Management team at Affirm. The Security Risk Management team builds and deploys common governance, risk, and compliance processes and controls, conducts audits, and ensures that technologies and business processes are built with data protection and compliance in mind! Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products.

What You'll Do

  • Develop complementary control frameworks that define the security responsibilities of Affirm and its third parties, including vendors, merchants, and partners.
  • Mature our third-party security risk processes by working with a broad range of technical and non-technical stakeholders.
  • Own the end-to-end execution of third-party due diligence and issues management, ensuring alignment with stakeholders throughout.
  • Design and generate metrics and reports on risk indicators, issues, and the efficiency of our operations.
  • Support Legal in our contract reviews and negotiations to ensure appropriate security terms are in place.
  • Provide best-in-class support for our client-facing teams and security assurance to our business partners as well as find opportunities to enhance this program and build internal and external relationships.
  • Fluently communicate security risks to non-experts to empower our business with valuable, actionable information.
  • Develop, curate, and disseminate security governance documentation, ensuring awareness amongst stakeholders and employees.
  • Partner with engineering and IT to define and document policies and technical procedures for secure and compliant treatment of sensitive data.

What We Look For

  • Excellent project management and collaboration skills—setting goals and priorities, taking into account dependencies, and handling execution from start to finish.
  • A drive to solve difficult problems and evolve the status quo with technical and non-technical solutions—you’re never satisfied by just ticking a box.
  • Crystal clear verbal and written communication—people love how your emails and documentation tell them exactly what they need to know.
  • 3-5 years of risk management, information security, or other relevant experience working with technical teams and balancing risk against business need.
  • Passion for working with diverse teams and taking into account each perspective, e.g. as an auditor, engineer, business person, and more.
  • Knowledge of risk and control frameworks (e.g. NIST Cyber Security Framework, ISO 2700x, SOC1 & 2 (SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.) and experience with security practices and solutions.

Pay Grade - L
Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.

Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)

USA base pay range (CA, WA, NY, NJ, CT) per year: $160,000 - $210,000
USA base pay range (all other U.S. states) per year: $142,000 - $192,000

Please note that visa sponsorship is not available for this position.


Affirm is proud to be a remote-first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Affirmers in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affirm office. A limited number of roles remain office-based due to the nature of their job responsibilities.

We’re extremely proud to offer competitive benefits that are anchored to our core value of people come first. Some key highlights of our benefits package include:

  • Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
  • Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
  • Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
  • ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount

We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.

[For U.S. positions that could be performed in Los Angeles or San Francisco] Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance, Affirm will consider for employment qualified applicants with arrest and conviction records.

By clicking "Submit Application," you acknowledge that you have read the Affirm Employment Privacy Policy for applicants within the United States, the EU Employee Notice Regarding Use of Personal Data (Poland) for applicants applying from Poland, the EU Employee Notice Regarding Use of Personal Data (Spain) for applicants applying from Spain, or the Affirm U.K. Limited Employee Notice Regarding Use of Personal Data for applicants applying from the United Kingdom, and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.