Senior Manager, Security Risk Management

Remote US
full-time, senior, remote, fintech

Description

You will lead Security Governance and Third-Party Risk Management at Affirm, driving program strategy, operational maturity, and stakeholder alignment. Your work ensures that security risk posture is clear, vendor diligence is executed at scale, and senior leadership receives actionable insights for informed business decisions.

Requirements

  • 7+ years in information security, risk management, or GRC roles.
  • Minimum 3 years managing teams or equivalent leadership.
  • Demonstrated ownership of a TPRM or security governance program in a regulated or high-growth tech environment (fintech preferred).
  • Strong knowledge of NIST, ISO, SOC2, PCI, and vendor risk processes.
  • Hands-on experience with TPRM/GRC tooling (AuditBoard, Jira, BI tools) and certifications like CISSP, CISM, CRISC.

Responsibilities

  • Own Security Governance: maintain security policies, standards, and control frameworks (NIST CSF, ISO 27001), and map them to compliance requirements (SOC2, PCI).
  • Lead third-party risk management across the vendor lifecycle: onboarding, due diligence, contracting, monitoring, periodic reviews, offboarding.
  • Drive program KPIs, dashboards, and reporting (Jira, AuditBoard, BI tools) to improve throughput, turnaround, and remediation velocity.
  • Build, coach, and scale Governance and TPRM teams through hiring, performance management, and career development.
  • Serve as security liaison for Internal Audit, external assessments, and executive/regulatory engagements; own remediation commitments.