IT Security Risk Management Lead

2 days ago

Apply Now

Receive Emails with Similar Jobs

Affirm

WebsiteLinkedInAll Job Openings

We’re excited to announce that Affirm is now a remote-first company$1. !$1

eCommerce • Payments • Installment Loans • Millennials • Financial Services

1001 - 5000

💰 Post-IPO Equity on 2021-01

Description

• Develop complementary control frameworks that define the security responsibilities of Affirm and its third parties, including vendors, merchants, and partners. • Mature our third-party security risk processes by working with a broad range of technical and non-technical stakeholders. • Own the end-to-end execution of third-party due diligence and issues management, ensuring alignment with stakeholders throughout. • Design and generate metrics and reports on risk indicators, issues, and the efficiency of our operations. • Support Legal in our contract reviews and negotiations to ensure appropriate security terms are in place. • Provide best-in-class support for our client-facing teams and security assurance to our business partners as well as find opportunities to enhance this program and build internal and external relationships. • Fluently communicate security risks to non-experts to empower our business with valuable, actionable information. • Develop, curate, and disseminate security governance documentation, ensuring awareness amongst stakeholders and employees. • Partner with engineering and IT to define and document policies and technical procedures for secure and compliant treatment of sensitive data.

Requirements

• Excellent project management and collaboration skills—setting goals and priorities, taking into account dependencies, and handling execution from start to finish. • A drive to solve difficult problems and evolve the status quo with technical and non-technical solutions—you’re never satisfied by just ticking a box. • Crystal clear verbal and written communication—people love how your emails and documentation tell them exactly what they need to know. • 3-5 years of risk management, information security, or other relevant experience working with technical teams and balancing risk against business need. • Passion for working with diverse teams and taking into account each perspective, e.g. as an auditor, engineer, business person, and more. • Knowledge of risk and control frameworks (e.g. NIST Cyber Security Framework, ISO 2700x, SOC1 & 2 (SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.) and experience with security practices and solutions.

Benefits

• Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents. • Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses • Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge • ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount