GRC Specialist
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The GRC Security team builds and deploys common governance, risk, and compliance processes and controls, conducts audits, and ensures that technologies and business processes are built with data protection and compliance in mind.
What you'll do
- Support compliance activities of security and engineering teams, analyze risk and security controls assessments to determine their alignment with regulatory requirements, and actively participate in security audit and remediation activities
- Contribute to ongoing maintenance of security policies and procedures
- Participate in security due diligence activities on existing and prospective vendors
- Gather and analyze information to support Security reporting
What we look for
- Audit, Compliance, Risk Management, Information Security or other relevant experience
- Knowledge of industry-based risk and control frameworks (e.g. NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.) and experience with security practices and solutions.
- Attention to detail and demonstrated ability to drive projects towards completion
- Ability to understand and communicate technical issues to non-technical teams
- Passion for working with diverse teams, understanding and taking into account each perspective, as an auditor, engineer, business person, and more.
Location
We’re excited to announce that Affirm is now a remote-first company! This role can be located anywhere in the U.S. and Canada (with the exception of Quebec). Remote based employees may occasionally travel to an Affirm office for meetings or team building events. Our offices in San Francisco, New York City, Pittsburgh, Chicago, and Salt Lake City will remain operational and accessible for anyone to use on a voluntary basis.
Check out our remote-first approach to learn more about the new ways we work.
If you got to this point, we hope you're feeling excited about the job description you just read. Even if you don't feel that you meet every single requirement, we still encourage you to apply. We're eager to meet people that believe in Affirm's mission and can contribute to our team in a variety of ways – not just candidates who check all the boxes.
At Affirm, "People Come First" is a core value and that’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can read about our D&I program here and our progress thus far in our 2019 D&I report.
We also believe “It’s On Us” to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
We will consider for employment qualified applicants with arrest and conviction records in accordance with applicable federal, state and local laws, including the San Francisco Fair Chance Ordinance. By clicking "Submit Application," I acknowledge that I have read the Affirm Employment Privacy Policy, and hereby consent to the collection, processing, use, and storage of my personal information as described therein.