Senior Manager, Security Risk Management

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. We’re hiring a Senior Manager to lead Security Governance and the Security Third-Party Risk Management (TPRM) function. This role owns program strategy, operational maturity, and stakeholder alignment for security governance, vendor risk, and third-party integration risk. The manager will drive policy and control frameworks, remediate audit findings, deliver measurable program KPIs, and grow a high-performing team that executes vendor diligence, monitoring, and governance at scale. Our Security Governance and TPRM programs must move from tactical firefighting to predictable, measurable operations that scale with the business. This leader will set the security risk posture, tighten governance and fourth-party oversight, improve tooling and automation adoption, and ensure timely, actionable escalations so senior leadership can make the right business decisions. What You'll Do Program strategy & governance Own Security Governance: maintain and evolve security policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001), including mapping to controls and compliance requirements (SOC2, PCI, applicable regulations). Lead program maturity planning, roadmaps, and cross-functional governance forums (e.g., security steering committee, risk council). Define and enforce security risk appetite and decision criteria for third-party relationships and integrations. Third-party risk management Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding. Ensure robust fourth-party oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators. Oversee high-risk vendor decisions and escalations; establish clear RACI for partners