Overview

Head of Security & Infrastructure Jobs in United States at ARIVE

Title: Head of Security & Infrastructure

Company: ARIVE

Location: United States

About ARIVE

ARIVE is a privately held, founder-led, high-growth fintech company revolutionizing digital mortgage originations. We are building the industry’s first Wholesale Originations Marketplace — connecting brokers, lenders, borrowers, and service providers into one seamless platform.

Tens of thousands of independent loan originators depend on ARIVE every day to process sensitive financial data including PII and mortgage documents subject to GLBA, state privacy laws, and federal regulatory requirements. Our platform is the critical infrastructure that powers the mortgage broker ecosystem. We move fast, solve real problems, and build products that have meaningful impact across the mortgage ecosystem.

About the Role

We are looking for a Head of Security & Infrastructure – a hands-on, engineering-minded leader who will take ownership of ARIVE’s cybersecurity posture, core platform security, cloud infrastructure, secure DevOps, endpoint protection, DLP, and internal business applications end-to-end. You will lead and develop a high-impact team while personally evaluating and driving solutions across each of these areas.

You will lead global security across U.S. and India teams, drive cross-functional collaboration to execute security initiatives, implement SOC 2 controls, and maintain audit readiness, reporting directly to the CEO.

Key Responsibilities

Strategy & Leadership

  • Lead and evolve ARIVE’s security and infrastructure strategy, roadmap, and posture.
  • Lead, manage, and develop the existing security and infrastructure teams; serve as the executive-level decision maker on all security, infrastructure, and IT matters.
  • Partner across all teams to embed security into workflows and practices, champion secure-by-design standards, assess emerging AI-driven threats, and evaluate and implement AI-agent based security models to proactively detect, respond to, and prevent evolving attack vectors.

Platform Security & Infrastructure

  • Lead the security of ARIVE’s core platform – ensuring protection of PII, mortgage data, and financial information at rest and in transit.
  • Oversee and continuously improve ARIVE’s AWS cloud infrastructure, CI/CD pipelines, container orchestration, secrets management, and deployment automation across U.S. and India teams.
  • Govern environment segregation, access controls, promotion workflows, and platform reliability.
  • Establish and oversee a 24×7 security incident monitoring program across all platforms, cloud, applications, and endpoint environments.
  • Mature the SIEM/SOAR program, lead incident response across all severity levels, and drive automation to improve MTTD/MTTR.
  • Manage regular penetration tests, vulnerability assessments, and red-team engagements; ensure findings are tracked to closure.
  • Strengthen defenses against software supply chain attacks — enforce dependency pinning, lockfile integrity, package provenance verification, CI/CD pipeline hardening, and runtime monitoring.

Corporate Security & Business Applications

  • Define strategy to implement endpoint device and application protection enforcement — including mobile security and secure containers – DLP, and enterprise security tooling standards across the organization.
  • Strengthen anti-phishing and social engineering defenses including email security controls, spear-phishing detection, and employee awareness programs.
  • Oversee IT operations including identity/access management and internal tooling across U.S. and India.
  • Manage IT asset protection and lifecycle programs – procurement through secure disposal.
  • Define scalable IT policies, standards, and onboarding/offboarding workflows in collaboration with HR, Finance, and Operations.
  • Partner with the Director of Compliance to execute SOC 2 controls implementation and support audit readiness.
  • Ensure GLBA and state privacy law adherence; lead vendor/third-party risk assessments and BC/DR planning.

Application Development Security

  • Govern application security standards including secure code reviews, SAST/DAST, API security, and penetration testing programs.
  • Govern authentication, authorization, and access control frameworks across all customer-facing and internal applications.
  • Drive threat modeling and security reviews for new features, integrations, and third-party connections.
  • Drive vulnerability scanning programs; ensure risk registers and remediation SLAs are maintained.

What We’re Looking For

  • 15+ years of experience in cybersecurity, cloud infrastructure, and IT operations – with at least 5 years in a leadership role leading and scaling security teams.
  • Bachelor’s in CS, Information Security, or equivalent experience. CISSP, GCIA, GCIH, OSCP, or AWS Solutions Architect certifications are a strong plus.
  • Proven track record of building and maturing a cybersecurity program and cloud infrastructure/DevOps function at a high-growth company.
  • Hands-on background in one or more security disciplines – platform security, security operations, application security, or infrastructure security – with the breadth to lead across.
  • Broad working knowledge of security and infrastructure platforms including AWS, CI/CD pipelines, SIEM/SOAR, endpoint protection, DLP, identity management (Okta/Auth0), and vulnerability management tools.
  • Familiarity with scripting and automation (Python, PowerShell, or Bash) to evaluate and guide team-built solutions.
  • Experience with multi-environment deployment strategies, Sev-1/Sev-2 incident response, and SOC 2 Type II audit environments.
  • Experience securing distributed development teams across U.S. and offshore geographies.
  • Fintech or tech startup experience strongly preferred; familiarity with GLBA and financial services compliance a plus.
  • On the leading edge of AI technologies including AI-agent based security tooling for threat detection, automated response, and infrastructure automation. Experience defending against software supply chain attacks is highly valued.
  • Exceptional communicator – equally effective presenting to the CEO and guiding technical direction with the team.

Compensation: $220K-$300K total cash compensation (base salary + performance bonus), depending on location and experience. Eligible for performance-based equity compensation.

Benefits: Comprehensive health, dental, and vision; 401(k); flexible PTO.

This position requires the successful completion of a thorough background check. All certifications will be verified.

Apply

Upload your CV/resume or any other relevant file. Max. file size: 800 MB.