Head of Security & Infrastructure

About ARIVE

ARIVE is a privately held, founder-led, high-growth fintech company revolutionizing digital mortgage originations. We are building the industry’s first Wholesale Originations Marketplace - connecting brokers, lenders, borrowers, and service providers into one seamless platform.

Tens of thousands of independent loan originators depend on ARIVE every day to process sensitive financial data including PII and mortgage documents subject to GLBA, state privacy laws, and federal regulatory requirements. Our platform is the critical infrastructure that powers the mortgage broker ecosystem. We move fast, solve real problems, and build products that have meaningful impact across the mortgage ecosystem.

About the Role

We are looking for a Head of Security & Infrastructure - a hands-on, engineering-minded leader who will take ownership of ARIVE's cybersecurity posture, core platform security, cloud infrastructure, secure DevOps, endpoint protection, DLP, and internal business applications end-to-end. You will lead and develop a high-impact team while personally evaluating and driving solutions across each of these areas. You will lead global security across U.S. and India teams, drive cross-functional collaboration to execute security initiatives, implement SOC 2 controls, and maintain audit readiness, reporting directly to the CEO.

Key Responsibilities

Strategy & Leadership

• Lead and evolve ARIVE’s security and infrastructure strategy, roadmap, and posture.
• Lead, manage, and develop the existing security and infrastructure teams; serve as the executive-level decision maker on all security, infrastructure, and IT matters.
• Partner across all teams to embed security into workflows and practices, champion secure-by-design standards, and assess emerging AI-driven threats and opportunities across the security landscape.

Platform Security & Operations

• Lead the security of ARIVE’s core platform — ensuring protection of PII, mortgage data, and financial information at rest and in transit.
• Govern application security standards including secure code reviews, SAST/DAST, API security, and penetration testing programs.
• Govern authentication, authorization, and access control frameworks across all customer-facing and internal applications.
• Drive threat modeling and security reviews for new features, integrations, and third-party connections.
• Run a 24x7 security incident monitoring program across all platform, cloud, and endpoint environments.
• Mature the SIEM/SOAR program, lead incident response across all severity levels, and drive automation to improve MTTD/MTTR.
• Manage regular penetration tests, vulnerability assessments, and red-team engagements; track findings to closure.

Infrastructure, DevOps & Endpoint Protection

• Run and continuously improve ARIVE’s AWS cloud infrastructure, CI/CD pipelines, container orchestration, secrets management, and deployment automation across U.S. and India teams.
• Govern environment segregation, access controls, promotion workflows, and platform reliability.
• Define strategy to implement endpoint device and application protection enforcement, DLP, and enterprise security tooling standards across the organization.
• Drive vulnerability scanning programs; maintain risk registers and remediation SLAs.

IT Operations, Compliance & Risk Management

• Run IT operations including identity/access management and internal tooling across U.S. and India.
• Manage IT asset protection and lifecycle programs — procurement through secure disposal.
• Partner with the Director of Compliance to execute SOC 2 controls implementation and support audit readiness.
• Ensure GLBA and state privacy law adherence; lead vendor/third-party risk assessments and BC/DR planning.
• Define scalable IT policies, standards, and onboarding/offboarding workflows in collaboration with HR, Finance, and Operations.

What We’re Looking For

• 15+ years of hands-on experience spanning cybersecurity, cloud infrastructure/DevOps, and IT operations, with 5+ years of leadership experience leading and scaling teams.
• Proven track record building both a cybersecurity program and a cloud infrastructure/DevOps function at a high-growth company.
• Deep proficiency with: AWS (IaC, multi-environment architecture), CI/CD pipelines, container orchestration, SIEM/SOAR, Zscaler, Intune, Kandji, EDR/AV, Google Workspace DLP, Okta/Auth0, GitHub Advanced Security, and Wiz.io.
• Strong scripting/automation skills in Python, PowerShell, or Bash.
• Experience with multi-environment deployment strategies, Sev-1/Sev-2 incident response, and SOC 2 Type II audit environments.
• Experience securing distributed development teams across U.S. and offshore geographies.
• Fintech or tech startup experience strongly preferred; familiarity with GLBA and financial services compliance a plus.
• On the leading edge of AI technologies for security operations and infrastructure automation.
• Exceptional communicator — equally effective presenting to the CEO and getting hands-on-keyboard with the team.
• Bachelor’s in CS, Information Security, or equivalent experience. CISSP, GCIA, GCIH, OSCP, or AWS Solutions Architect certifications are a strong plus.

Compensation

Compensation: $220K-$300K cash compensation (base salary + performance bonus), depending on location and experience. Eligible for performance-based equity compensation.

Benefits: Comprehensive health, dental, and vision; 401(k); flexible PTO.

This position requires the successful completion of a thorough background check. All certifications will be verified.