Operational Risk Lead

San Francisco, CA
Risk Operations
Full Time - Exempt
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

Affirm’s Enterprise Risk team provides an enterprise-wide view of risks, assists management in identifying and monitoring risks that may affect multiple business areas, and takes appropriate action when business activities exceed the risk tolerance of the company. Enterprise Risk establishes the risk framework and standards and provides guidance for risk management activities across the company.

It’s an exciting time to be a part of Affirm’s new Enterprise Risk team. We’re seeking an Operational Risk Lead to advise and support the risk programs run within Enterprise Risk and the achievement of mitigating operational risk and minimizing the losses associated with them. Based in San Francisco, the role will report to the Director of Enterprise Risk and will work multi-functionally with other teams. In this role you will serve as a subject matter expert tasked with educating and guiding the business units to help identify risks and controls, as well as to assist in the improvement and management of Third Party Risk Management, Business Continuity, and other risk management programs.

What You Will Do

    • You will manage the Third-Party Risk Management Program for all of Affirm third-party relationships, including:
    • Analyzing the third party risk assessment and/or questionnaires, ensuring necessary partners are engaged, supporting third party on-boarding, handling due diligence collection, running all required ongoing monitoring, and supporting the termination process if applicable
    • Ensure all data and documentation is gathered that is necessary to complete due diligence and ongoing monitoring phases
    • Lead third-party risk assessments and ensure each product or service is defined by a risk ratings
    • Engage with Functional Leaders and other partners to establish and review third-party performance metrics and vendor scorecards
    • Serve as the central point of contact on new initiatives and programs, representing Enterprise Risk on third-party risk management matters
    • Facilitate the execution of the Business Continuity Program and Plan across applicable functions at the company, including:
    • Completion of annual risk assessment, business impact analysis and Business Continuity Plan
    • Ongoing monitoring of potential incidents
    • Testing of Business Continuity components
    • Coordinating annual table-top exercise for Business Continuity and Disaster Recovery, as well as handling the action plans that result
    • Administer the enterprise-wide Issue Management process, including:
    • Implementing and maintaining Issue Management procedures and guidance, as well as providing feedback and input to influence Issue Management database/tools
    • Identifying trends, themes and monitoring next steps for corrective action plans
    • Developing and maintaining committee reporting, calling out any matters requiring management’s attention
    • Oversee meetings and develop relationships with the business to educate and facilitate the overall creation or improvement of enterprise-wide risk framework, where necessary
    • Provide risk training and awareness, as well as consultative guidance on risk management program matters
    • Draft and build presentations displaying the monthly status of risk management programs (i.e. third party risk, business continuity and other operational risk areas)
    • Improve/update related documentation, program, policies and procedures

What We Look For

    • This role requires a self starter with strong relationship management, influencing, vision and execution skills. A key differentiator will be the tenacity to understand and operate successfully in an undefined, new function in the company. The role calls for a sense of urgency, passion for results, and personal integrity.
    • Bachelor's degree or equivalent experience
    • 3+ years of professional work experience in Enterprise and/or Operational Risk in a regulated environment, preferably in banking and financial services
    • Excellent organizational and interpersonal skills
    • Experience working with GRC tools
    • Resourceful with ability to work independently
    • A strong interest in fintech and consumer finance
    • Demonstrable experience as a key contributing member of a high performing team
    • Inquisitive and enthusiastic in proposing creative and effective solutions
    • Solid project management, critical thinking and analytical skills
    • Excellent verbal and written communication skills with the ability to communicate complex and sensitive issues
    • Passion for risk management and improving processes in order to make Affirm a more efficient and risk aware organization
If you got to this point, we hope you're feeling excited about the job description you just read. Even if you don't feel that you meet every single requirement, we still encourage you to apply. We're eager to meet people that believe in Affirm's mission and can contribute to our team in a variety of ways – not just candidates who check all the boxes.

At Affirm, "People Come First" is a core value and that’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can learn more about our D&I efforts here.

We also consider qualified applicants with arrest and conviction records for positions in accordance with applicable laws, including the San Francisco Fair Chance Ordinance.