Oportun is a mission-driven financial services company that empowers its members with intelligent borrowing, savings, and budgeting capabilities. The Senior Manager, Information Security Architecture & Engineering is responsible for defining and driving security practices across the organization, ensuring that security is integrated into all aspects of the technology lifecycle while fostering a culture of collaboration and high performance.
Responsibilities:
- Define and maintain secure application and infrastructure architecture frameworks, ensuring security is built in from the outset
- Partner with engineering, DevOps, and technology teams to integrate security into SDLC, CI/CD, and data pipelines
- Own and oversee the vulnerability management program, ensuring risk-based remediation across all technology assets
- Enhance and scale an existing security design review service, providing structured security assessments for new and evolving systems and data
- Advocate for security as a service, building tools and processes that streamline secure development and system operations
- Act as a security advisor to engineering and technology operations, ensuring security aligns with business goals
- Collaborate with the Security Governance, Risk, and Compliance (GRC) team to align technical security requirements with regulatory and commercial requirements
- Champion a security-first culture, ensuring technical execution teams understand security risks, standards and best practices
Requirements:
- 10+ years of experience in security architecture, application security, infrastructure security, or related domains
- Strong background in cloud security (AWS, Azure, GCP), DevSecOps, and/or data security
- Experience leading a globally distributed team across time zones that relies heavily on asynchronous working and collaboration methods
- Experience leading and developing globally distributed security teams with a focus on professional growth and collaboration
- Experience designing security controls for data flows and distributed computing environments
- Hands-on expertise in secure software development practices, security testing methodologies, and threat modeling
- Strong cross-functional leadership with the ability to communicate security risks effectively to engineering, IT, and business stakeholders
- Experience with security frameworks and regulations (e.g., NIST CSF, PCI-DSS, GLBA)
- Bachelor's degree in Computer Science, Information Security, or related field
- Expertise in application security testing, threat modeling, bug bounty programs, and software security assessments
- Expertise in identity & access management (IAM), encryption, authentication, logging, and monitoring architectures
- Experience with GitHub, Wiz, SentinelOne, and Okta
- Security certifications (CISSP, CISM, OSCP, AWS Security Specialty, or similar)
- Advanced degree in Computer Science, Information Security or related field