Head of Security & Infrastructure

About The Position

Requirements

• 15+ years of hands-on experience spanning cybersecurity, cloud infrastructure/DevOps, and IT operations, with 5+ years of leadership experience leading and scaling teams.
• Proven track record building both a cybersecurity program and a cloud infrastructure/DevOps function at a high-growth company.
• Deep proficiency with: AWS (IaC, multi-environment architecture), CI/CD pipelines, container orchestration, SIEM/SOAR, Zscaler, Intune, Kandji, EDR/AV, Google Workspace DLP, Okta/Auth0, GitHub Advanced Security, and Wiz.io.
• Strong scripting/automation skills in Python, PowerShell, or Bash.
• Experience with multi-environment deployment strategies, Sev-1/Sev-2 incident response, and SOC 2 Type II audit environments.
• Experience securing distributed development teams across U.S. and offshore geographies.
• Exceptional communicator — equally effective presenting to the CEO and getting hands-on-keyboard with the team.
• Bachelor’s in CS, Information Security, or equivalent experience.

Nice To Haves

• Fintech or tech startup experience strongly preferred; familiarity with GLBA and financial services compliance a plus.
• On the leading edge of AI technologies for security operations and infrastructure automation.
• CISSP, GCIA, GCIH, OSCP, or AWS Solutions Architect certifications are a strong plus.

Responsibilities

• Lead and evolve ARIVE’s security and infrastructure strategy, roadmap, and posture.
• Lead, manage, and develop the existing security and infrastructure teams; serve as the executive-level decision maker on all security, infrastructure, and IT matters.
• Partner across all teams to embed security into workflows and practices, champion secure-by-design standards, and assess emerging AI-driven threats and opportunities across the security landscape.
• Lead the security of ARIVE’s core platform — ensuring protection of PII, mortgage data, and financial information at rest and in transit.
• Govern application security standards including secure code reviews, SAST/DAST, API security, and penetration testing programs.
• Govern authentication, authorization, and access control frameworks across all customer-facing and internal applications.
• Drive threat modeling and security reviews for new features, integrations, and third-party connections.
• Run a 24x7 security incident monitoring program across all platform, cloud, and endpoint environments.
• Mature the SIEM/SOAR program, lead incident response across all severity levels, and drive automation to improve MTTD/MTTR.
• Manage regular penetration tests, vulnerability assessments, and red-team engagements; track findings to closure.
• Run and continuously improve ARIVE’s AWS cloud infrastructure, CI/CD pipelines, container orchestration, secrets management, and deployment automation across U.S. and India teams.
• Govern environment segregation, access controls, promotion workflows, and platform reliability.
• Define strategy to implement endpoint device and application protection enforcement, DLP, and enterprise security tooling standards across the organization.
• Drive vulnerability scanning programs; maintain risk registers and remediation SLAs.
• Run IT operations including identity/access management and internal tooling across U.S. and India.
• Manage IT asset protection and lifecycle programs — procurement through secure disposal.
• Partner with the Director of Compliance to execute SOC 2 controls implementation and support audit readiness.
• Ensure GLBA and state privacy law adherence; lead vendor/third-party risk assessments and BC/DR planning.
• Define scalable IT policies, standards, and onboarding/offboarding workflows in collaboration with HR, Finance, and Operations.

Benefits

• Comprehensive health, dental, and vision
• 401(k)
• flexible PTO
• Eligible for performance-based equity compensation.