Head of Platform & Security

Opto Investments•San Francisco, CA

About The Position

Opto is seeking a Head of Platform & Security to lead the reliability, security, and operational excellence of its technology platform. This senior leadership role involves partnering with the CTO to define and execute the company's security strategy, while managing a team of four engineers across infrastructure, security, DevOps, and internal IT. The position requires end-to-end ownership of the enterprise and application security program, ensuring the platform meets the high standards required by wealth managers and financial institutions. This is a critical role for Opto's growth, focused on advancing the security program by hardening policies, processes, and tooling, improving compliance maturity, and ensuring the platform engineering team delivers exceptional reliability and operational excellence. The company's tech stack includes React-based Next.js Typescript applications, Python REST API services hosted in AWS, AWS Lambda, and Snowflake for data warehousing. Deployments are fully automated and occur multiple times daily. The tech stack is continuously evolving with a focus on modularity, scalability, and team-level service ownership.

Requirements

4-year degree in Computer Science, Engineering, or a related technical field (or equivalent work experience).
5+ years of professional experience in Information Security.
5+ years in software engineering, SRE, DevOps, or a closely related technical discipline.
Experience managing compliance with SOC 2, ISO 27001, and/or PCI standards.
Experience building and managing engineering or security teams.
Experience with cloud-native architectures, particularly AWS.
Familiarity with the full software development lifecycle (CI/CD, Git, etc.).
Strong preference for automation and tooling over manual processes.
Comfort with ambiguity and the ability to execute in a fast-paced startup environment.
Excellent written, verbal, and interpersonal communication skills — equally effective with engineers, executives, and enterprise clients.

Nice To Haves

Background in financial services or fintech.
Experience operating in a SaaS startup environment.

Responsibilities

Own Opto's enterprise and platform security posture across all applications, services, business tools, and processes.
Maintain Opto's SOC 2 Type 2 audit reports, ensuring ongoing compliance and readiness for annual assessments.
Continuously improve programs for security incident management, vulnerability management, penetration testing, network security, authentication and authorization, system access control, data privacy and governance, encryption and certificate management, and threat detection.
Define and monitor compliance with internal security policies, including MDM, SSO/MFA/RBAC, VPN/zero trust, and data governance.
Partner with Legal to establish a comprehensive security and compliance program, ensuring appropriate processes, documentation, and staffing are in place with no single points of failure.
Promote a culture of security across the organization.
Represent Opto's security program externally to customers, prospects, and investors, including responding to security audits and due diligence questionnaires (DDQs).
Lead, mentor, and grow a four-person platform engineering team (infrastructure, security, DevOps, internal IT).
Maintain team roadmap and backlog in cooperation with engineering leadership and product stakeholders.
Keep stakeholders informed of key milestones, risks, reprioritizations, and escalations.
Provide technical direction on platform architecture decisions, tooling choices, and engineering standards.
Own the internal IT function, ensuring employees get the support they need.
Work with engineering leadership and Recruiting to ensure the team is properly resourced.
Contribute directly to technical projects as bandwidth allows (up to 50% of your time).
Foster a collegial, trust-filled, and high-accountability team environment.