Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security Risk Management team builds and deploys common governance, risk, and compliance processes and controls, conducts audits, and ensures that technologies and business processes are built with data protection and risk management in mind.
As a member of the Information Security team at Affirm, you will be joining a team of fun, passionate and highly skilled individuals who like solving security challenges and enjoy learning new skills. We partner together with a team-first mindset and are keen on redefining security in the fintech space.

PREFERRED QUALIFICATIONS

• Technical Proficiency: Experience with scripting or programming to automate tasks (e.g., Python or similar). Familiarity with building API calls to integrate different systems or data sources into risk management tools. Hands-on experience with Lambda functions or similar serverless technologies. Experience with cloud security (AWS, GCP, Azure). Experience with SQL and querying databases.
• Experience with data visualization tools (e.g., Sigma, Tableau, Power BI).
• Certifications such as CISSP, CISA, or CRISC.
  Pay Grade - J
  Equity Grade - 4
  Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.
  Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)
  USA base pay range (CA, WA, NY, NJ, CT) per year: $130,000 - $170,000
  USA base pay range (all other U.S. states) per year: $115,000 - $155,000
  Please note that visa sponsorship is not available for this position.
  

  LI-Remote

Affirm is proud to be a remote-first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Affirmers in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affirm office. A limited number of roles remain office-based due to the nature of their job responsibilities.

We’re extremely proud to offer competitive benefits that are anchored to our core value of people come first. Some key highlights of our benefits package include:

• Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
• Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
• Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
• ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount

We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
[For U.S. positions that could be performed in Los Angeles or San Francisco] Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance, Affirm will consider for employment qualified applicants with arrest and conviction records.
By clicking “Submit Application,” you acknowledge that you have read Affirm’s Global Candidate Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein

We are seeking a highly motivated, technically proficient Security Risk Management Specialist. In this role, you will play a crucial part in identifying, assessing, and mitigating security risks across Affirm’s infrastructure and applications and use this knowledge to help maintain and update the security risk register, ensuring all risks are accurately documented, tracked, and managed. This role requires a strong understanding of security risk management principles, analytical skills, and interest in data analysis.

• Data Structuring & Management: Help develop and maintain data structures to support risk quantification, analysis, reporting, and decision-making. Ensure data accuracy and integrity.
• Reporting & Visualization: Create dashboards and reports to communicate security risk metrics and insights to stakeholders. Visualize data to identify trends and patterns.
• Process Improvement: Identify opportunities to improve security risk management processes and help implement solutions that enhance efficiency and effectiveness.
• Metrics & KRI Development: Collaborate to define, develop, and maintain a suite of risk metrics and KRIs. Continuously monitor these indicators to track changes in risk exposure and trigger timely action when thresholds are breached.
• Data Analysis & Reporting: Collect and analyze risk-related data from multiple sources to help identify trends and insights. Create clear, concise risk reports and dashboards for senior management, using data visualization tools and SQL queries to support evidence-based decision-making.
• Automation & Tools: Leverage technical skills to streamline Security Risk Management processes. For example, build integrations and automation (such as AWS Lambda functions or custom scripts) that pull data via API calls from various systems to update risk dashboards or compliance reports in real-time.
• Security Monitoring: Support activities of security and engineering teams, analyze risk and security controls assessments to determine their alignment with regulatory requirements, and actively participate in security audit and remediation activities.
• Cross-Functional Collaboration: Work closely with departments such as IT, Information Security, Engineering, and Finance to establish controls and processes that align with Security Risk Management objectives. Provide guidance and training to process owners on risk management and compliance requirements.