Director, Affirm Bank Information Security

About This RoleAI processing…

Key Responsibilities

• 1
  Design, implement, and maintain a comprehensive Information Security Program consistent with FDIC guidance (e.g., FIL-66-2019, FIL-13-2021) and the Interagency Guidelines Establishing Information Security Standards.
• 2
  Develop and oversee policies, standards, and procedures governing cybersecurity, data protection, and incident response.
• 3
  Ensure alignment with the Bank’s overall risk management and governance frameworks.
• 4
  Provide regular reporting to executive management and the Board on the Bank’s security posture, emerging risks, and mitigation efforts.
• 5
  Establish and manage a threat monitoring and detection capability to identify, assess, and respond to cybersecurity risks.
• 6
  Oversee implementation of layered security controls (e.g., network segmentation, encryption, access controls, endpoint protection, vulnerability management).
• 7
  Lead the Bank’s Incident Response Program, ensuring timely escalation and coordination with regulators when required.
• 8
  Maintain relationships with information-sharing groups (e.g., FS-ISAC) and law enforcement to stay informed of emerging threats.
• 9
  Evaluate the information security posture of third-party and affiliate service providers in accordance with the Bank’s Vendor Management Program and FDIC third-party risk guidance.
• 10
  Establish due diligence, ongoing monitoring, and contractual requirements for vendors handling sensitive data or performing critical services.
• 11
  Coordinate with Operations, Compliance, and Internal Audit to ensure third-party risks are identified, assessed, and mitigated.
• 12
  Ensure compliance with applicable privacy and data protection requirements (e.g., GLBA, Regulation P, state privacy laws).
• 13
  Implement processes to safeguard customer information and prevent unauthorized access, disclosure, or misuse.
• 14
  Partner with business and technology teams to integrate privacy-by-design principles into new products and services.
• 15
  Lead development and testing of the Bank’s Business Continuity and Disaster Recovery (BC/DR) plans, ensuring they are integrated with information security objectives.
• 16
  Coordinate regular testing and simulations to validate readiness for cyber incidents and system disruptions.
• 17
  Support resilience planning for key systems, vendors, and communication protocols.
• 18
  Build and document the Bank’s information security program as part of the de novo application process.
• 19
  Establish security architecture, monitoring tools, and vendor relationships prior to launch.
• 20
  Prepare readiness materials for FDIC and state examinations related to cybersecurity and operational resilience.
• 21
  Ensure security risk assessments and third-party reviews are completed and incorporated into pre-opening milestones.
• 22
  Serve as the Bank’s senior advocate for cybersecurity and data protection, promoting a culture of security awareness and accountability.
• 23
  Provide training and guidance across the organization to enhance information security awareness.
• 24
  Collaborate with peers in Risk, Compliance, Operations, and Technology to align security priorities with business strategy.
• 25
  Build and lead a capable, mission-driven security team to support the Bank’s evolving needs.

Requirements

• Lead the Bank’s Incident Response Program, ensuring timely escalation and coordination with regulators when required.
• Strong familiarity with third-party risk frameworks and financial services cybersecurity expectations.
• Expert knowledge of information security principles, frameworks, and regulatory requirements.
• Core Competencies Expert knowledge of information security principles, frameworks, and regulatory requirements.
• Affirmers in proximal roles have the flexibility to work remotely, but will occasionally be required to work out of their assigned Affirm office.
• By clicking "Submit Application," you acknowledge that you have read Affirm's Global Candidate Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as described therein.

Perks & Benefits