Remote (United States), US

Senior Manager, Security Risk Management

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. We’re hiring a Senior Manager to lead Security Governance and the Security Third-Party Risk Management (TPRM) function.

Company
Affirm
Compensation
Not listed
Schedule
Full-Time
Role overview

What this role actually needs.

Company context: Affirm is the public buy-now-pay-later platform powering checkout financing for top retailers across North America.

Responsibilities

Day-to-day expectations

Affirm lists these responsibilities for the Senior Manager, Security Risk Management role.

  • Own Security Governance: maintain and evolve security policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001), including mapping to controls and compliance requirements (SOC2, PCI, applicable regulations).
  • Lead program maturity planning, roadmaps, and cross-functional governance forums (e.g., security steering committee, risk council).
  • Define and enforce security risk appetite and decision criteria for third-party relationships and integrations.
  • Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding.
  • Ensure robust fourth-party oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators.
  • Oversee high-risk vendor decisions and escalations; establish clear RACI for partnership contracts and security acceptance criteria.
Requirements

What a strong candidate brings

These requirements are extracted from the source listing and normalized for UpJobz readers.

  • Lead program maturity planning, roadmaps, and cross-functional governance forums (e.g., security steering committee, risk council).
  • Define and enforce security risk appetite and decision criteria for third-party relationships and integrations.
  • Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding.
  • Ensure robust fourth-party oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators.
  • Oversee high-risk vendor decisions and escalations; establish clear RACI for partnership contracts and security acceptance criteria.
  • Own program KPIs, dashboards, and reporting (Jira STPRM Ops, AuditBoard, Sigma/BI, MetricStream). Drive improvements in throughput, turnaround, backlog age, and remediation velocity.
Benefits

Why people would want this job

Affirm published these compensation, benefits, or working-context details with the role.

  • Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
  • Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
  • Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
  • ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount
UpJobz market context

Why this listing is more than a copied job post.

Senior Manager, Security Risk Management is framed against UpJobz source checks, country scope, compensation visibility, and work-authorization signals so candidates can make a faster go/no-go decision.

United States tech market

United States roles on UpJobz are filtered for high-tech relevance, source freshness, and actionable employer detail before they are allowed into SEO surfaces.

Compensation read

The employer source does not expose a reliable salary range, so candidates should ask for compensation early instead of waiting until late-stage interviews.

Work authorization read

Current extracted signal: Open to TN, H-1B, and OPT candidates already in the United States. UpJobz treats this as a search signal, not legal advice, and links visa-sensitive roles back to the relevant visa hub where possible.

Location read

Because this is remote, country scope and time-zone expectations matter as much as the title. Confirm the employer's allowed work locations on job-boards.greenhouse.io.

Subscriber playbook

Turn this listing into an application plan.

This is the first pass at the premium UpJobz layer: a fast brief that helps serious applicants move with more clarity.

Next moves

  • Tailor your resume around LLM and security instead of sending a generic application.
  • Use the first two bullets of your application to connect your background directly to the Senior Manager, Security Risk Management role. It is a high-signal remote role in Remote (United States), and it is most realistic for TN, H-1B, and OPT candidates already in the United States.
  • Open the role quickly if it fits and bookmark three similar jobs before you leave the page.

Interview themes

Cybersecurity · Remote · llm · security · observability · api

Watchouts

  • Compensation is hidden, so get range clarity in the first recruiter conversation.
  • Use the work-authorization signal ("open to TN, H-1B, and OPT candidates already in the United States") as part of your positioning so the recruiter does not have to infer it.
  • Lead with distributed collaboration, async delivery, and timezone discipline.
Role signals

Keywords to match against your background

Use these terms to decide whether your resume, portfolio, and recent projects line up with the role.

llm · security · observability · api · fintech · payments · python · kotlin · ml
Next step

Apply through the employer source

Open the source listing from job-boards.greenhouse.io, confirm the role is still active, then apply on the employer or ATS page.

Source: job-boards.greenhouse.io · Source ID: 7686998003 · Confidence: 89/100 · Last checked: May 7, 2026
