GRC Specialist at Affirm
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The GRC Security team builds and deploys common governance, risk, and compliance processes and controls, conducts audits, and ensures that technologies and business processes are built with data protection and compliance in mind.
What you'll do
- Support compliance activities of security and engineering teams, analyze risk and security controls assessments to determine their alignment with regulatory requirements, and actively participate in security audit and remediation activities
- Contribute to ongoing maintenance of security policies and procedures
- Participate in security due diligence activities on existing and prospective vendors
- Gather and analyze information to support Security reporting
What we look for
- Audit, Compliance, Risk Management, Information Security or other relevant experience
- Knowledge of industry-based risk and control frameworks (e.g. NIST Cyber Security Framework, ISO 2700x, SOC 1 & 2 (SSAE 18), PCI DSS, NIST SP 800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20) and experience with security practices and solutions
- Attention to detail and demonstrated ability to drive projects towards completion
- Ability to understand and communicate technical issues to non-technical teams
- Passion for working with diverse teams, and for understanding and taking into account each perspective, whether that of an auditor, an engineer, a business person, or someone else