Director, Affirm Bank Information Security jobs in United States

Affirm · 2 hours ago

Director, Affirm Bank Information Security

Affirm is reinventing credit to make it more honest and friendly, and they are seeking a Director of Information Security to lead the Bank's information security and cybersecurity programs. This role involves establishing a comprehensive security framework, managing cybersecurity risks, and ensuring compliance with regulatory requirements as the Bank prepares for launch.

Financial Services, FinTech, Lending, Payments
Comp. & Benefits
No H1B

Responsibilities

Design, implement, and maintain a comprehensive Information Security Program consistent with FDIC guidance (e.g., FIL-66-2019, FIL-13-2021) and the Interagency Guidelines Establishing Information Security Standards
Develop and oversee policies, standards, and procedures governing cybersecurity, data protection, and incident response
Ensure alignment with the Bank’s overall risk management and governance frameworks
Provide regular reporting to executive management and the Board on the Bank’s security posture, emerging risks, and mitigation efforts
Establish and manage a threat monitoring and detection capability to identify, assess, and respond to cybersecurity risks
Oversee implementation of layered security controls (e.g., network segmentation, encryption, access controls, endpoint protection, vulnerability management)
Lead the Bank’s Incident Response Program, ensuring timely escalation and coordination with regulators when required
Maintain relationships with information-sharing groups (e.g., FS-ISAC) and law enforcement to stay informed of emerging threats
Evaluate the information security posture of third-party and affiliate service providers in accordance with the Bank’s Vendor Management Program and FDIC third-party risk guidance
Establish due diligence, ongoing monitoring, and contractual requirements for vendors handling sensitive data or performing critical services
Coordinate with Operations, Compliance, and Internal Audit to ensure third-party risks are identified, assessed, and mitigated
Ensure compliance with applicable privacy and data protection requirements (e.g., GLBA, Regulation P, state privacy laws)
Implement processes to safeguard customer information and prevent unauthorized access, disclosure, or misuse
Partner with business and technology teams to integrate privacy-by-design principles into new products and services
Lead development and testing of the Bank’s Business Continuity and Disaster Recovery (BC/DR) plans, ensuring they are integrated with information security objectives
Coordinate regular testing and simulations to validate readiness for cyber incidents and system disruptions
Support resilience planning for key systems, vendors, and communication protocols
Build and document the Bank’s information security program as part of the de novo application process
Establish security architecture, monitoring tools, and vendor relationships prior to launch
Prepare readiness materials for FDIC and state examinations related to cybersecurity and operational resilience
Ensure security risk assessments and third-party reviews are completed and incorporated into pre-opening milestones
Serve as the Bank’s senior advocate for cybersecurity and data protection, promoting a culture of security awareness and accountability
Provide training and guidance across the organization to enhance information security awareness
Collaborate with peers in Risk, Compliance, Operations, and Technology to align security priorities with business strategy
Build and lead a capable, mission-driven security team to support the Bank’s evolving needs

Qualification

Information Security Program Development, Cybersecurity, Threat Management, Third-Party Risk Oversight, Data Governance, Privacy Protection, Business Continuity, Resilience, Analytical Skills, Leadership, Problem-Solving Skills, Effective Communication, Collaboration

Required

Minimum of 10 years of information security and technology risk management experience, with at least 5 years in a leadership capacity at a regulated financial institution or Fintech
Demonstrated experience designing and implementing information security programs compliant with FDIC and FFIEC standards
Strong familiarity with third-party risk frameworks and financial services cybersecurity expectations
Experience leading incident response, penetration testing, and security operations in cloud-based and hybrid environments
Proven ability to communicate complex technical topics to executive leadership, the Board, and regulators
Strong leadership, analytical, and problem-solving skills with a risk-based and pragmatic approach to decision-making
Expert knowledge of information security principles, frameworks, and regulatory requirements
Strategic thinker with strong operational execution and control discipline
Effective communicator capable of influencing across technical and business functions
Collaborative leader who fosters a culture of accountability, awareness, and continuous improvement

Benefits

100% subsidized medical coverage, dental and vision for you and your dependents
Monthly stipends for health, wellness and tech spending
Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount

Company

Affirm is a financial technology services company that offers installment loans to consumers at the point of sale.

Funding

Current Stage: Public Company
Total Funding: $7.57B
Key Investors: New York Life Insurance, Sixth Street, PGIM Fixed Income
2025-10-31 · Post IPO Debt · $750M
2024-12-17 · Post IPO Debt · $800M
2024-12-13 · Post IPO Debt · $4B

Leadership Team

Max Levchin, Founder & CEO
Robert O'Hare, Chief Financial Officer
Company data provided by Crunchbase