Sara Hobe, Ph.D.
Information Security Manager at Affirm, Inc.
San Francisco, CA, United States
Details
Education:
Ph.D.
Ancient Greek
The University of Freiburg
2014 : 2018
M.A.
Classical Languages
University of Georgia - Franklin College of Arts and Sciences
2011 : 2013
B.A.
Classical Languages
University of California, Berkeley
2006 : 2010
Experience:
Own and implement the security third party risk program at Affirm, leading a team of GRC specialists in its tactical implementation, including creating and refining workflows, and identifying and driving resolutions of risks associated with vendors and partners.
Lead a team in due diligence workflows and initiatives to provide assurance to existing and prospective merchants and strategic partners on the maturity of Affirm’s cybersecurity posture.
Design the strategic roadmap for security governance frameworks and standards across the enterprise, ensuring alignment with industry best practices such as NIST 800-53, NIST CSF, SOC 2, PCI DSS, GLBA, ISO-27001, and more.
Own and maintain enterprise-wide information security policies and procedures.
Partner with Legal, Privacy, Strategic Partnerships, and Procurement on the execution of information security terms in contracts.
2022 : Present
Affirm
Information Security Manager
Designed and developed the core framework and control inventory of Affirm’s Security Risk Management program tailored to Affirm’s cloud-native environment and founded on NIST 800-53 security and privacy controls.
Created from whole cloth, and drove the adoption of, information security policies and procedures in association with stakeholders in Legal, Engineering, Security, and IT.
Responsible for third-party information security risk, partnering with Enterprise Risk, Privacy, Procurement and others to form business-wide frameworks and workflows.
Collaborated with Legal on merchant and vendor contracts pertaining to information security, confidentiality, and compliance.
2021 : 2022
Affirm
Staff GRC Specialist
Managed and improved processes for bank partner audits and regulatory audits encompassing security domains of identity and access management, risk management, data security, network security, secure software development, program management, cybersecurity threat response, and more.
Owned and project-managed PCI DSS audits for 2020 and 2021 from preparation phase through ROC issuance.
Responsible for third-party information security risk, identifying and developing plans for control gaps found in vendor and partner security programs.
2020 : 2021
Affirm, Inc.
Senior GRC Specialist
Developed, communicated, and implemented Company's Data Protection Program by collaborating cross-functionally with stakeholders; provided interpretation, analysis and advisement on the GDPR, CCPA, VPPA, and COPPA, as well as the self-regulatory regimes of the IAB and NAI and industry best practices.
Strategically leveraged information, resources and relationships to introduce technical and operational privacy solutions that protected the company while minimizing business burden.
Organized and drove companywide audits for global privacy and infosec certifications and standards; drafted and maintained documentation on the company's privacy and infosec practices through regular interdepartmental communication.
Supervised interns on both independent and team projects, defining deliverables and timeline and providing actionable feedback and guidance.
Spearheaded, conceptualized, and managed privacy conference, “Data Protection in the 2020s : Industry Symposium on the CCPA” (Oct. 2019).
2018 : 2019
Samba TV
Data Protection Manager
2016 : 2017
University of Freiburg
Graduate Instructor
Company:
Affirm
Years of Experience:
8
Spoken Language:
English, French, German, Greek, Ancient (to 1453), Latin
Skills
Communication, Conference Organization, Data Privacy, Higher Education, Information Security, Intercultural Relations, International Project Management, Program Management, Project Management, Public Speaking, Research, Risk Management, University Teaching