GRC Analyst Affirm, Inc.
San Francisco, CA

Job Description

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

We are looking for a Senior GRC Analyst to join our growing security team! Affirm values information security as a critical part in the company's continued success. While we're reinventing credit to make it more honest and friendly, we also safeguard our clients' sensitive information. Your unique mission as a GRC Analyst is to identify potential weaknesses and vulnerabilities in the foundational infrastructure and strategically reinforce them, enabling other teams to focus on building honest financial products.

What You'll Do

* Perform risk assessments to determine if the company's information assets are protected from internal and external threats and are aligned with regulatory requirements
* Work across-functional team to design, implement and test various security processes and controls
* Conduct internal security audits and provide technical and business recommendation to process owners to remediate all findings
* Work with the Security team in identifying technical security gaps as reported by internal and external customers
* Business plan development and re-evaluation including IRP, BCP, DRP
* Maintain information security policies and procedures
* Respond to security questions from the external audits and merchant RFPs
* Recommend, integrate and manage risk management & compliance tooling

What We Look For

* 3+ years of experience in Information Security and Risk Management
* Attention to detail and experience with security practices and tooling
* Demonstrated ability driving projects towards completion
* Experience with industry-based information security & control frameworks (NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.).
* Ability to understand and communicate technical issues to non-technical teams.
* BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience.
* Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.) is a plus
* Professional security assurance experience (Government Agency, Public accounting/ consulting background) is a plus

If you got to this point, we hope you're feeling excited about the job description you just read. Even if you don't feel that you meet every single requirement, we still encourage you to apply. We're eager to meet people that believe in Affirm's mission and can contribute to our team in a variety of ways - not just candidates who check all the boxes. #LI-DA1

At Affirm, "People Come First" is a core value and that's why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can learn more about our D&I efforts here.

We also consider qualified applicants with arrest and conviction records for positions in accordance with applicable laws, including the San Francisco Fair Chance Ordinance.