Security M&A Manager at Affirm
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Affirm, Inc. proudly includes Affirm, PayBright, and Returnly.
Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security M&A Manager partners with key business leaders, project and integration teams, technical leads, finance, third parties and customers.What You'll Do
- Manage or support Security M&A activities from due diligence to integration working directly with M&A project members across many different teams and functions.
- Standardize and build upon Security’s M&A framework to balance business requirements with information security requirements with inputs from key cross-organizational M&A partners
- Facilitate acquisition risk assessments that include discovery and consideration of data types, regulatory requirements, organization size, business process, technology use and organizational security posture
- Document security best practices and lessons learned throughout various due diligence initiatives to identify continuous improvement for future acquisitions
- This position may also support other Security Risk Management initiatives such as internal and external audits, risk assessments, security risk reporting, and user access.
- M&A, Risk Management, Information Security or other relevant experience
- Knowledge of industry-based risk and control frameworks (e.g. NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.) and experience with security practices and solutions.
- Strong project management and people management skills.
- Attention to detail and demonstrated ability to drive projects towards completion within minimal supervision
- Ability to understand and communicate technical issues to non-technical teams
- Passion for working with diverse teams, understanding and taking into account each perspective, as an auditor, engineer, business person, and more.
- Professional certification (Not required): such as CISSP, CRISC, CISA, CISM, GSE, or SANS
The majority of our roles can be located anywhere in the U.S. (exclusive of the U.S. Territories) and Canada (with the exception of Quebec).
Affirm is proud to be a remote-first company! The majority of our roles are remote and can be located anywhere in the U.S. and Canada (with the exception of the U.S. Territories, Quebec, Yukon, Nunavut, and the Northwest Territories) unless the job indicates a different global location. We are currently building operations in Spain, Poland, and Australia. Employees in remote roles have the option of working remotely or from an Affirm office in their country of hire, and may occasionally travel to an Affirm office or elsewhere for required meetings or team-building events. Our offices in Chicago, New York, Pittsburgh, Salt Lake City, San Francisco and Toronto will remain operational and accessible for anyone to use on a voluntary basis, subject to local COVID-19 guidelines.
At Affirm, People Come First is one of our core values, and that’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can read about our D&I program here and our progress thus far in our 2020 DEI Report.
We also believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.