Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

Affirm values information security as a critical part in the company’s continued success. While we’re reinventing credit to make it more honest and friendly, we also safeguard our clients’ sensitive information. Your unique mission as a Security Engineer is to identify potential weaknesses and vulnerabilities in the foundational infrastructure and strategically reinforce them, enabling other teams to focus on building honest financial products.

What You'll Do

• Perform risk assessments to determine if the company's information assets are protected from internal and external threats and are aligned with regulatory requirements
• Work across teams to design, implement and test various security processes and controls to ensure compliance with Affirm’s security program and to meet external regulatory requirements
• Conduct internal security audits and provide technical and business recommendations to process owners to remediate all findings
• Work with the Security team to identify technical security gaps as reported by internal and external customers
• Develop and evaluate security-related business plans and procedures, including IRP, BCP, DRP
• Work closely with the Security Program Management team to build and maintain information security policies and procedures that are compliant with regulatory requirements
• Respond to security questions from external audits and merchant RFPs
• Recommend, integrate and manage risk management and compliance tooling

What We Look For

• 5+ years of experience in Information Security and Risk Management.
• Previous experience leading the GRC team/function is a plus 
• Experience with industry-based information security & control frameworks (NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.)BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience
• Professional security assurance experience (Government Agency, Public accounting/ consulting background, Financial Institution)
• Attention to detail and experience with security practices and tooling
• Demonstrated ability to drive projects towards completion
• Ability to understand and communicate technical issues to non-technical teams
• Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.) is a plus

If you got to this point, we hope you're feeling excited about the job description you just read. Even if you don't feel that you meet every single requirement, we still encourage you to apply. We're eager to meet people that believe in Affirm's mission and can contribute to our team in a variety of ways – not just candidates who check all the boxes.

At Affirm, "People Come First" is a core value and that’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can learn more about our D&I efforts here.

By clicking "Apply for this job," I acknowledge that I have read the Affirm Employment Privacy Policy, and hereby consent to the collection, processing, use, and storage of my personal information as described therein.