Head of Security – Infrastructure

This is a fully remote position, open to applicants in United States.

📋 Description

• Spearhead and advance ARIVE’s security and infrastructure strategy, roadmap, and overall posture.

• Oversee, manage, and develop the current security and infrastructure teams; act as the executive decision maker for all security, infrastructure, and IT-related matters.

• Collaborate with all teams to integrate security into workflows and practices, advocate for secure-by-design standards, and evaluate emerging AI-driven threats and opportunities within the security landscape.

• Ensure the security of ARIVE’s core platform — safeguarding PII, mortgage data, and financial information both at rest and during transit.

• Establish application security standards, including secure code reviews, SAST/DAST, API security, and penetration testing programs.

• Oversee authentication, authorization, and access control frameworks for all customer-facing and internal applications.

• Facilitate threat modeling and security reviews for new features, integrations, and third-party connections.

• Manage a 24x7 security incident monitoring program across all platform, cloud, and endpoint environments.

• Enhance the SIEM/SOAR program, lead incident response efforts across all severity levels, and drive automation to optimize MTTD/MTTR.

• Conduct regular penetration tests, vulnerability assessments, and red-team engagements; ensure tracking of findings to resolution.

• Operate and continuously enhance ARIVE’s AWS cloud infrastructure, CI/CD pipelines, container orchestration, secrets management, and deployment automation for teams in the U.S. and India.

• Govern environment segregation, access controls, promotion workflows, and platform reliability.

• Formulate a strategy for implementing endpoint device and application protection enforcement, DLP, and enterprise security tooling standards across the organization.

• Lead vulnerability scanning programs; maintain risk registers and remediation service-level agreements (SLAs).

• Oversee IT operations, including identity/access management and internal tooling across U.S. and India.

• Manage IT asset protection and lifecycle programs — from procurement through secure disposal.

• Collaborate with the Director of Compliance to implement SOC 2 controls and support audit readiness.

• Ensure compliance with GLBA and state privacy laws; lead vendor/third-party risk assessments and business continuity/disaster recovery (BC/DR) planning.

• Define scalable IT policies, standards, and onboarding/offboarding workflows in partnership with HR, Finance, and Operations.

⛳️ Requirements

• 15+ years of practical experience in cybersecurity, cloud infrastructure/DevOps, and IT operations, with 5+ years in leadership roles focused on team development and scaling.

• Proven success in establishing both a cybersecurity program and a cloud infrastructure/DevOps function in a high-growth company.

• In-depth expertise in: AWS (IaC, multi-environment architecture), CI/CD pipelines, container orchestration, SIEM/SOAR, Zscaler, Intune, Kandji, EDR/AV, Google Workspace DLP, Okta/Auth0, GitHub Advanced Security, and Wiz.io.

• Strong automation/scripting skills in Python, PowerShell, or Bash.

• Experience with multi-environment deployment strategies, Sev-1/Sev-2 incident response, and SOC 2 Type II audit environments.

• Proven experience in securing distributed development teams across U.S. and offshore locations.

• Preferred experience in fintech or tech startups; familiarity with GLBA and financial services compliance is a bonus.

• On the forefront of AI technologies for security operations and infrastructure automation.

• Outstanding communicator — effective in presenting to the CEO while also being hands-on with the team.

• Bachelor’s degree in Computer Science, Information Security, or equivalent experience. Certifications such as CISSP, GCIA, GCIH, OSCP, or AWS Solutions Architect are highly desirable.

🏝️ Benefits

• Comprehensive health, dental, and vision coverage.

• 401(k) plan.

• Flexible paid time off (PTO).