Senior Information Security Manager

Hi, We’re AffiniPay! 

AffiniPay is a leading fintech company, based out of Austin, Texas. As the market leader in professional services payments and practice management software, AffiniPay’s tech products serve legal, accounting, architectural, engineering and construction firms. AffiniPay has been recognized as one of Inc. 5000’s fastest growing companies in the U.S. for 13 years in a row, and as a result, our teams continue to grow as well! 

This is a hands-on leadership role for someone who thrives on elevating security practices from tactical execution to an integrated, metrics-driven, cross-functional program. You'll help modernize how we detect, respond to, and mitigate risk, leveraging AI-enabled platforms like CrowdStrike, Vanta, and Snyk, while also identifying new opportunities to integrate AI to improve security efficiency, reduce alert fatigue, and increase visibility. This role is essential to our company-wide AI adoption effort and directly contributes to AffiniPay’s Value Creation Plan (VPC).

What You’ll Do

• Own the implementation, configuration, and operationalization of information security platforms (e.g., CrowdStrike, Security Hub, GuardDuty, Vanta, DataGrail)
• Ensure CrowdStrike and similar tools are correctly configured and deployed, in partnership with the Information Security Engineer, to achieve intended coverage and effectiveness
• Lead monitoring, tuning, and stakeholder engagement for suspicious findings or platform alerts, ensuring clear triage and response workflows
• Oversee the security posture for access controls, logging, and backups, ensuring relevant data is collected and ingested into NG SIEM or other detection pipelines
• Track the effectiveness of tooling, identify opportunities to improve alert fidelity, and eliminate coverage gaps
• Evaluate opportunities to increase automation and efficiency through AI capabilities within existing tools (e.g., CrowdStrike, Vanta, Snyk) and recommend adoption of new platforms that align with our AI growth goals
• Lead experimentation or pilot efforts to improve security signal triage, anomaly detection, and risk prediction through AI/ML-powered capabilities
• Own the identification, evaluation, and documentation of security-related risks across infrastructure, applications, and third-party services
• Develop and maintain actionable risk treatment plans in collaboration with stakeholders, balancing mitigation, acceptance, and investment tradeoffs
• Partner with the VP of Information Security to maintain visibility into top risks, contribute to executive-level risk dashboards, and align controls to actual exposure
• Ensure that AffiniPay’s cloud environments (AWS, Terraform-managed infrastructure) meet commercial security best practices and evolving compliance obligations
• Partner with Infrastructure, DevOps, and DevX to assess and remediate gaps in governance, process documentation, or control ownership
• Drive alignment around security configurations, automation guardrails, and baseline control requirements across brands
• Own security control operations for frameworks, including SOC 2 Type 2, PCI DSS 4.0, and other in-scope privacy obligations
• Ensure evidence collection, documentation, and audit support are proactively maintained
• Maintain clear ownership of control domains, including logging, monitoring, asset management, backup validation, encryption, and vendor risk support
• Build and maintain repeatable, data-driven security metrics and KPIs at the team, department, and executive levels
• Identify or implement tools and workflows to assist in automated data gathering, reporting, and visualization
• Use metrics to support risk reduction decisions, program transparency, and budget justification for future investment
• Contribute to company-wide AI metrics by helping establish security-specific AI adoption benchmarks, efficiency gains, or automation outcomes related to platform usage and team productivity
• Support incident response preparation through tabletop exercises, playbook development, and role clarity across functions
• Partner with Engineering and business stakeholders to triage alerts, classify severity, and coordinate cross-team responses
• Maintain ownership of detection platforms and ensure findings are actionable, prioritized, and communicated to the appropriate teams
• Provide guidance, support, and tactical leadership to Information Security Engineers and Compliance staff
• Serve as a point of contact across departments, building trust and driving execution without escalation
• Help build bench strength and resiliency across the InfoSec function by identifying training needs, process gaps, and staffing signals

About You

• 6+ years of progressive experience in information security, cybersecurity engineering, or security risk management
• Proven ability to operationalize controls under PCI DSS, SOC 2 Type 2, or similar regulatory frameworks, with audit support and remediation tracking
• Demonstrated ownership of InfoSec risk identification, analysis, and mitigation, with ability to drive collaborative treatment planning across stakeholders
• Hands-on experience with cloud security architecture (AWS required), including IAM, logging, encryption, GuardDuty, Security Hub, and Terraform-based infrastructure
• Familiarity with security platform management and tuning, including CrowdStrike, Vanta, and Snyk, and comfort leading tool implementation and maturity roadmaps
• Experience building and maintaining department-level metrics or KPIs tied to security program performance or audit readiness
• Ability to translate technical risk into business impact and present findings to stakeholders
• Track record of influencing cross-functional teams without direct authority and delivering on cross-team security initiatives
• Experience evaluating or deploying AI- or ML-enhanced platforms in the security, compliance, or detection space (e.g., CrowdStrike, Vanta, Snyk)
• Demonstrated ability to identify automation or AI opportunities to reduce manual workflows, improve detection, or accelerate compliance assurance
• Comfort working with technical teams on AI/LLM integrations, anomaly detection enhancements, or AI-powered reporting

Nice to Have

• Certifications: CISSP, CISM, CCSP, AWS Security Specialty, or equivalent
• Experience supporting privacy operations tools and workflows (e.g., DataGrail)
• Experience with metrics automation or dashboard platforms (e.g., Vanta, Power BI, Looker)
• Exposure to legaltech, fintech, or multi-brand SaaS environments with compliance or regulatory complexity
• Familiarity with AI/ML platforms in the security or compliance space, including AI-enhanced SIEM, automated compliance evidence tools, or large language model (LLM) integrations for incident or alert summarization
• Experience with AI-enhanced security tooling (e.g., SIEMs with ML models, large language models for alert summarization or evidence automation)
• Prior involvement in evaluating or deploying AI technologies as part of a security program modernization effort
• Familiarity with AI governance, explainability, and responsible AI principles in the context of security and compliance

Our Story

Founded in 2005, AffiniPay’s mission is to build technology products that helps professionals focus on the work they love. As the leader in the professional payments industry, AffiniPay’s products serve legal, accounting, architectural, engineering and construction firms. Our portfolio of software solutions include MyCase (Legal Practice Management Software), CASEpeer (Practice Management for Personal Injury Firms), and Docketwise (Immigration & Case Management Software). Our portfolio of payment solutions include LawPay (Legal), AffiniPay for Associations (Associations), CPACharge (Accounting Professionals), and ClientPay (Architect, Engineer, and Construction). AffiniPay’s products serve over one hundred thousand users, and we are noted as one of the fastest growing tech companies in Austin, Texas. We are constantly looking for talent to join our team to continue playing a key part in unlocking our potential. 

Diversity, Equity & Inclusion at AffiniPay

At AffiniPay, we recognize that innovation occurs with a strong team of people who are diverse in background, personality, talent and ideas. Experience comes in many forms and ensuring a diverse and inclusive workplace where we continue to learn from each other is an integral part of our culture. We are committed to creating a welcoming and transparent environment for all that embraces those differences through education, equal access to opportunities and information, inclusionary programs, and community outreach. 

Benefits that Benefit You! 

As a people first culture, we believe it is important that our teammates are happy, healthy, and productive.  In order to best support that, AffiniPay provides award-winning benefits that can make a difference in your life - right now and for the future.

• All employees receive fully covered medical, dental and vision coverage - Choose from our 2 available health plans based on what fits you and/or your family!
• Have some fur babies? - We offer them insurance too!
• RELAX and enjoy your time away with our flexible paid time off policy! 
• We will help you plan for your future - 401K, or RRSP if in Canada, with a company match
• Competitive compensation packages that include mid-year and end-of-year bonuses and equity options for all full-time employees
• Health Wellness Program that includes nutrition consultations, mental health apps, and access to discounted memberships
• Have plans to grow your family? - Parental resources, including 16 weeks of paid time off for primary caregivers
• Professional development opportunities including mentorships, leadership programs and our AffiniPayU courses
• We believe it is important to give back with our Matching Gift Program and organized activities focused on donations, volunteerism and supporting the local communities throughout the country
• D&I initiatives provide educational opportunities regarding multicultural issues, tolerance, and celebrating diversity among our entire staff
• An incredible, in-office experience at our headquarters in Austin and San Diego including free lunch delivery, a fully stocked kitchen, and some “sweet” surprises for those afternoon pick-me-ups

Security Advisory

Our hiring teams at AffiniPay are dedicated to recruiting top talent that share our passion for serving the professional services industry through innovative financial technology.  As such, our Talent Acquisition Team only follows legitimate hiring practices.  We will always communicate with our candidates using emails with the AffiniPay domain and will never ask for sensitive/personal data during the application process.  All interviews take place over phone call, Zoom/Google Meet or in person.  All offers are communicated verbally by our Talent Acquisition Specialists with a written offer letter as a follow up.