... assess and manage security risk across third party relationships • Translate ambiguous business and security requirements into practical, scalable program solutions and decision frameworks • ...
... assess and manage security risk across third party relationships • Translate ambiguous business and security requirements into practical, scalable program solutions and decision frameworks • ...
Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects * Sample projects/programs could include but are not limited to:
Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects * Sample projects/programs could include but are not limited to:
Manager, Security (4912)
Memphis, TN · On-site
Perform risk assessments, analyze metrics and trends to align resources and staffing to proactively ... Coordinate, manage and monitor security activities to provide a safe/secure work environment.
Manager, Security (4912)
Memphis, TN · On-site
Perform risk assessments, analyze metrics and trends to align resources and staffing to proactively ... Coordinate, manage and monitor security activities to provide a safe/secure work environment.
... security risk assessments in high-security environments. You will have professional experience ... You will support and uphold the high standards of security policy, compliance, and risk management ...
... security risk assessments in high-security environments. You will have professional experience ... You will support and uphold the high standards of security policy, compliance, and risk management ...
... security risk assessments in high-security environments. You will have professional experience ... You will support and uphold the high standards of security policy, compliance, and risk management ...
... security risk assessments in high-security environments. You will have professional experience ... You will support and uphold the high standards of security policy, compliance, and risk management ...
Security Analyst
Brentwood, TN · On-site
... assisting in risk assessments, monitoring, and security projects to support effective ... Work directly with ISO to facilitate cybersecurity risk management processes and activities by ...
New
Security Analyst
Brentwood, TN · On-site
... assisting in risk assessments, monitoring, and security projects to support effective ... Work directly with ISO to facilitate cybersecurity risk management processes and activities by ...
New
... security risk assessments in high-security environments. You will have professional experience ... You will review projects and change management activities within RRL for compliance to ...
... security risk assessments in high-security environments. You will have professional experience ... You will review projects and change management activities within RRL for compliance to ...
Risk Assessment & Operational Support * Monitor national and international events to identify ... Proven project management capabilities with success delivering complex, multistakeholder ...
Risk Assessment & Operational Support * Monitor national and international events to identify ... Proven project management capabilities with success delivering complex, multistakeholder ...
Senior Risk Assessor
Nashville, TN · On-site +1
... risk assessment projects and proposals. This exciting opportunity offers a growth position in a ... Manage tasks of larger projects and track budgets * Under guidance of Project Manager or senior ...
Senior Risk Assessor
Nashville, TN · On-site +1
... risk assessment projects and proposals. This exciting opportunity offers a growth position in a ... Manage tasks of larger projects and track budgets * Under guidance of Project Manager or senior ...
Senior Risk Assessor
Knoxville, TN · On-site +1
... risk assessment projects and proposals. This exciting opportunity offers a growth position in a ... Manage tasks of larger projects and track budgets * Under guidance of Project Manager or senior ...
Senior Risk Assessor
Knoxville, TN · On-site +1
... risk assessment projects and proposals. This exciting opportunity offers a growth position in a ... Manage tasks of larger projects and track budgets * Under guidance of Project Manager or senior ...
Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk ...
Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk ...
Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk ...
Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk ...
Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects * Sample projects/programs could include but are not limited to:
Management or participation in Cybersecurity, Information Security, Risk, Compliance and/or Data Privacy Programs or Projects * Sample projects/programs could include but are not limited to:
... security professionals with wide-spread responsibility; coordinating data-driven risk assessments ... The Manager will also assist in the development of information security and information technology ...
... security professionals with wide-spread responsibility; coordinating data-driven risk assessments ... The Manager will also assist in the development of information security and information technology ...
Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk ...
Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk ...
Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk ...
Meaningful Use Security Risk Analyses, HIPAA), and managing risk assessment activities (e.g. HIPAA, PCI, NIST Cyber Security Framework). In addition, this position will ensure all parts of the risk ...
Cybersecurity Risk Analyst
Nashville, TN · On-site
Produce a comprehensive, written, security assessment of vendors security posture * Experience ... Familiarity with using Third Party Risk Management tools/processes such as OneTrust, SIG or similar ...
Cybersecurity Risk Analyst
Nashville, TN · On-site
Produce a comprehensive, written, security assessment of vendors security posture * Experience ... Familiarity with using Third Party Risk Management tools/processes such as OneTrust, SIG or similar ...
Produce a comprehensive, written, security assessment of vendors security posture * Experience ... Familiarity with using Third Party Risk Management tools/processes such as OneTrust, SIG or similar ...
Produce a comprehensive, written, security assessment of vendors security posture * Experience ... Familiarity with using Third Party Risk Management tools/processes such as OneTrust, SIG or similar ...
... Security, Risk Assessments, Security Technologies, Web Application Security Competencies Analytical Thinking, Effective Communications, Information Security Management, Information Security ...
... Security, Risk Assessments, Security Technologies, Web Application Security Competencies Analytical Thinking, Effective Communications, Information Security Management, Information Security ...
Global Security Director
Nashville, TN · On-site
Lead security planning and risk management for the Board of Directors and executive leadership. * Provide executive protection oversight, including risk assessments, travel security, and event ...
Global Security Director
Nashville, TN · On-site
Lead security planning and risk management for the Board of Directors and executive leadership. * Provide executive protection oversight, including risk assessments, travel security, and event ...
Manager Security Risk Assessment information
What is the difference between Manager Security Risk Assessment vs Security Analyst?
| Aspect | Manager Security Risk Assessment | Security Analyst |
|---|---|---|
| Certifications | CISSP, CISM, CRISC | CISSP, Security+ |
| Work Environment | Oversees security programs, manages teams | Analyzes security threats, monitors systems |
| Industry Usage | Common in organizations with complex security needs | Widely used across various industries for threat detection |
The Manager Security Risk Assessment focuses on leading security risk evaluations, managing teams, and developing security strategies. In contrast, a Security Analyst primarily monitors security systems, analyzes threats, and responds to incidents. Both roles require relevant certifications and work within the cybersecurity industry, but their responsibilities differ in scope and focus.
Job description
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. The Security Risk Management Lead will design, develop, and implement solutions to complex technical and business problems while transforming Security Risk Management into a security engineering discipline.
Responsibilities:
• Lead and mature Affirm's Security Third Party Program, including the design, implementation, and continuous improvement of processes, controls, and operational workflows
• Build and maintain automation that replaces manual GRC tasks: intake, triage, evidence collection, control validation, tracking, escalations, and reporting, using either Python, low code platforms, and agentic coding tools (Cursor, Claude, etc.)
• Design and operate workflow orchestration and integrations across systems like ticketing, GRC platforms, vendor management tools, identity providers, and cloud control planes
• Partner closely with Procurement, Legal, Engineering, IT, Compliance, Privacy, and business stakeholders to assess and manage security risk across third party relationships
• Translate ambiguous business and security requirements into practical, scalable program solutions and decision frameworks
• Identify opportunities to automate manual processes across the program and prototype solutions yourself rather than waiting on an engineering backlog
• Drive program operational excellence by establishing repeatable processes, service-level expectations, metrics, and reporting for third party security risk management
• Evaluate third party security controls, cloud architectures (AWS/GCP), integration patterns, and risk posture, and provide clear recommendations to stakeholders and leadership
• Conduct light threat models on high risk integrations and partner with Security SMEs for deeper diligence
• Manage and prioritize a portfolio of complex security risk reviews and initiatives simultaneously, balancing business enablement with risk reduction
• Partner with technical teams to implement or optimize systems and tools that support program automation and workflow orchestration
• Develop dashboards, reporting mechanisms, and program insights (SQL, BI tools, or custom tooling) that improve visibility into risk trends, bottlenecks, and program performance
• Act as a trusted advisor and SME on third party security risk management, helping stakeholders make informed, risk based decisions
• Contribute to the broader Security Risk Management strategy by identifying opportunities to scale, simplify, and strengthen security governance processes through engineering
Qualifications:
Required:
• 5+ years of experience in Information Security, Risk Management, Engineering and/or relevant roles
• Hands-on experience using agentic coding tools (Cursor, Claude Code, Copilot, etc.) and a working knowledge of Python; you don't need to be a software engineer, but you should be fluent enough to read, modify, and run scripts, build automations, and ship small tools end-to-end
• Familiarity with cloud environments (AWS, GCP, or Azure) — IAM, logging, common services, and the security risks/controls that apply to cloud-deployed third parties and integrations
• Excellent written and verbal communications skills
• Experience engineering solutions via Python, Claude, Cursor or other agentic coding tooling
• Experience with industry based information security & control frameworks (NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.)
• BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience
• Attention to detail and experience with security practices and security tooling
• Demonstrated ability to drive projects towards completion
• Ability to understand and communicate technical issues to non-technical teams
Preferred:
• Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.)
Company:
Affirm is a financial technology services company that offers installment loans to consumers at the point of sale. Founded in 2012, the company is headquartered in San Francisco, USA, with a team of 1001-5000 employees. The company is currently Late Stage.
About Affirm
Sourced by ZipRecruiter
Industry
Finance and insurance
Company size
51 - 200 Employees
Headquarters location
San Francisco, CA, US
Year founded
2012