Senior Manager, Security Risk Management (Fintech)
Job description
TL;DR
Senior Manager, Security Risk Management (Fintech): Leading security governance and third-party risk management, including program strategy, operational maturity, and stakeholder alignment, with an emphasis on security governance, vendor risk, and third-party integration risk. Focus on driving policy and control frameworks, remediating audit findings, and delivering measurable program KPIs.
Location: Remote (US)
Salary: $250,000 - $300,000 (CA, WA, NY, NJ, CT) per year; $223,000 - $273,000 (all other U.S. states) per year
Company
is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
What you will do
- Own security governance, maintaining and evolving security policies, standards, and control frameworks.
- Lead the Security TPRM function across the vendor lifecycle, ensuring robust fourth-party oversight.
- Oversee high-risk vendor decisions and escalations, establishing clear RACI for partnership contracts and security acceptance criteria.
- Own program KPIs, dashboards, and reporting, driving improvements in throughput, turnaround, backlog age, and remediation velocity.
- Build, coach, and scale the Governance and TPRM teams, focusing on hiring, performance management, and career development.
- Serve as the security liaison for Internal Audit and external assessments, ensuring timely remediation of findings and demonstrable progress.
Requirements
- 7+ years in information security, risk management, or GRC roles, with a minimum of 3 years managing teams.
- Demonstrated ownership of a TPRM program or security governance program in a regulated or high-growth technology environment (fintech preferred).
- Strong knowledge of security frameworks (NIST, ISO), compliance standards (SOC2, PCI), and vendor risk processes.
- Hands-on familiarity with TPRM/GRC tooling and observability: AuditBoard (or equivalent), Jira, BI tools, and experience with integrations/APIs.
- Excellent stakeholder management across legal, procurement, engineering, product, and executive leadership.
- Certifications such as CISSP, CISM, CRISC, or similar.
Nice to have
- Practical experience with threat-modeling approaches and third-party integration security (API, SSO/OAuth/SAML, TLS).
- Experience scaling automation for GRC/TPRM programs and integrating security checks into CI/CD pipelines.
- Prior experience in fintech or highly regulated industries.
Culture & Benefits
- Remote-first company with the flexibility to work almost anywhere within the country of employment.
- Competitive benefits that are anchored to our core value of people come first.
- covers all premiums for all levels of health care coverage for you and your dependents.
- Generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses.
- Competitive vacation and holiday schedules allowing you to take time off to rest and recharge.
- An employee stock purchase plan enabling you to buy shares of at a discount.
Hiring process
- is happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
- will consider for employment qualified applicants with arrest and conviction records.