Head of Security – Infrastructure

🔥 0 minutes ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

ARIVE

WebsiteLinkedInAll Job Openings

51 - 200 employees

Founded 2018

💸 Finance

☁️ SaaS

💳 Fintech

Finance • SaaS • Fintech

ARIVE is a comprehensive mortgage origination platform designed for independent mortgage brokers. It offers a streamlined, web-based solution to manage the entire loan origination process with ease and confidence. ARIVE combines multiple software solutions into a single platform to enhance pipeline management, provide instant pre-approvals, manage digital documents, and integrate with lender marketplaces for accurate product pricing and loan submissions. The platform supports contract processors and fosters a growing community by incorporating user feedback in bi-weekly updates and hosting interactive events. With ARIVE, mortgage professionals can improve efficiency, reduce costs, and leverage innovative technology in their workflows.

📋 Description

• Lead and evolve ARIVE’s security and infrastructure strategy, roadmap, and posture. • Lead, manage, and develop the existing security and infrastructure teams; serve as the executive-level decision maker on all security, infrastructure, and IT matters. • Partner across all teams to embed security into workflows and practices, champion secure-by-design standards, and assess emerging AI-driven threats and opportunities across the security landscape. • Lead the security of ARIVE’s core platform — ensuring protection of PII, mortgage data, and financial information at rest and in transit. • Govern application security standards including secure code reviews, SAST/DAST, API security, and penetration testing programs. • Govern authentication, authorization, and access control frameworks across all customer-facing and internal applications. • Drive threat modeling and security reviews for new features, integrations, and third-party connections. • Run a 24x7 security incident monitoring program across all platform, cloud, and endpoint environments. • Mature the SIEM/SOAR program, lead incident response across all severity levels, and drive automation to improve MTTD/MTTR. • Manage regular penetration tests, vulnerability assessments, and red-team engagements; track findings to closure. • Run and continuously improve ARIVE’s AWS cloud infrastructure, CI/CD pipelines, container orchestration, secrets management, and deployment automation across U.S. and India teams. • Govern environment segregation, access controls, promotion workflows, and platform reliability. • Define strategy to implement endpoint device and application protection enforcement, DLP, and enterprise security tooling standards across the organization. • Drive vulnerability scanning programs; maintain risk registers and remediation SLAs. • Run IT operations including identity/access management and internal tooling across U.S. and India. • Manage IT asset protection and lifecycle programs — procurement through secure disposal. • Partner with the Director of Compliance to execute SOC 2 controls implementation and support audit readiness. • Ensure GLBA and state privacy law adherence; lead vendor/third-party risk assessments and BC/DR planning. • Define scalable IT policies, standards, and onboarding/offboarding workflows in collaboration with HR, Finance, and Operations.

🎯 Requirements

• 15+ years of hands-on experience spanning cybersecurity, cloud infrastructure/DevOps, and IT operations, with 5+ years of leadership experience leading and scaling teams. • Proven track record building both a cybersecurity program and a cloud infrastructure/DevOps function at a high-growth company. • Deep proficiency with: AWS (IaC, multi-environment architecture), CI/CD pipelines, container orchestration, SIEM/SOAR, Zscaler, Intune, Kandji, EDR/AV, Google Workspace DLP, Okta/Auth0, GitHub Advanced Security, and Wiz.io. • Strong scripting/automation skills in Python, PowerShell, or Bash. • Experience with multi-environment deployment strategies, Sev-1/Sev-2 incident response, and SOC 2 Type II audit environments. • Experience securing distributed development teams across U.S. and offshore geographies. • Fintech or tech startup experience strongly preferred; familiarity with GLBA and financial services compliance a plus. • On the leading edge of AI technologies for security operations and infrastructure automation. • Exceptional communicator — equally effective presenting to the CEO and getting hands-on-keyboard with the team. • Bachelor’s in CS, Information Security, or equivalent experience. CISSP, GCIA, GCIH, OSCP, or AWS Solutions Architect certifications are a strong plus.

🏖️ Benefits

• Comprehensive health, dental, and vision • 401(k) • flexible PTO