Senior Manager, Information Security Architecture & Engineering - Remote
Company: Oportun
Location: San Diego
Posted on: January 26, 2026
|
|
|
Job Description:
About Oportun Oportun (Nasdaq: OPRT) is a mission-driven fintech
that puts its members financial goals within reach. With
intelligent borrowing, savings, and budgeting capabilities, Oportun
empowers members with the confidence to build a better financial
future. Since inception, Oportun has provided more than $19.7
billion in responsible and affordable credit, saved its members
more than $2.4 billion in interest and fees, and helped its members
save an average of more than $1,800 annually. Oportun has been
certified as a Community Development Financial Institution (CDFI)
since 2009. Working at Oportun Working at Oportun means enjoying a
differentiated experience of being part of a team that fosters a
diverse, equitable and inclusive culture where we all feel a sense
of belonging and are encouraged to share our perspectives. This
inclusive culture is directly connected to our organizations
performance and ability to fulfill our mission of delivering
affordable credit to those left out of the financial mainstream. We
celebrate and nurture our inclusive culture through our employee
resource groups. Position Overview We are seeking a Senior Manager,
Information Security Architecture & Engineering to serve as a key
security leader within our organization. This role is responsible
for defining and driving platform, application and data security,
including designing and reinforcing secure-by-design principles,
effective data protection and handling, identity and access
management standards, and vulnerability management across the
enterprise. Acting primarily as a second-line of defense, this
leader ensures security best practices are embedded into our CI/CD,
SDLC, data pipelines, and platform. Beyond technical expertise,
this role demands strong leadership to both manage a team of
security experts, as well as drive initiatives across teams and
functions. The ideal candidate will foster a culture of
collaboration, continuous learning, and high performance,
prioritizing kindness, integrity, and transparency in leadership.
This individual will view security as a business enabler, creating
services that empower developers and system owners to iterate
rapidly while maintaining strong and pragmatic security controls.
Responsibilities Define and maintain secure application and
infrastructure architecture frameworks, ensuring security is
built-in from the outset Partner with engineering, DevOps, and
technology teams to integrate security into SDLC, CI/CD, and data
pipelines Own and oversee the vulnerability management program,
ensuring risk-based remediation across all technology assets
Enhance and scale an existing security design review service,
providing structured security assessments for new and evolving
systems and data Advocate for security as a service, building tools
and processes that streamline secure development and system
operations Act as a security advisor to engineering and technology
operations, ensuring security aligns with business goals
Collaborate with the Security Governance, Risk, and Compliance
(GRC) team to align technical security requirements with regulatory
and commercial requirements Champion a security-first culture,
ensuring technical execution teams understand security risks,
standards and best practices Requirements 10 years of experience in
security architecture, application security, infrastructure
security, or related domains Strong background in cloud security
(AWS, Azure, GCP), DevSecOps, and/or data security Experience
leading a globally distributed team across time zones which relies
heavily on asynchronous working and collaboration methods
Experience leading and developing globally distributed security
teams with a focus on professional growth and collaboration
Experience designing security controls for data flows and
distributed computing environments Hands-on expertise of secure
software development practices, security testing methodologies, and
threat modeling Strong cross-functional leadership with the ability
to communicate security risks effectively to engineering, IT, and
business stakeholders Experience of security frameworks and
regulations (e.g., NIST CSF, PCI-DSS, GLBA) Bachelors degree in
Computer Science, Information Security, or related field Preferred
Qualifications Expertise in application security testing, threat
modeling, bug bounty programs, and software security assessments
Expertise in identity & access management (IAM), encryption,
authentication, logging, and monitoring architectures Experience
with GitHub, Wiz, Sentinel One and Okta Security certifications
(CISSP, CISM, OSCP, AWS Security Specialty, or similar) Advanced
degree in Computer Science, Information Security or related field
The US base hourly range for this full-time position is $166,400
-266,200. Our salary ranges are determined by role, level, and
location. The range displayed on each job posting reflects a
national minimum and maximum range for new hire salaries for this
position. Within this range, individual pay is determined by work
location and additional factors, such as job-related skills,
experience, and relevant education or training. Your recruiter can
share more about the specific salary range that meets your criteria
during the hiring process. Please note that the compensation range
listed in this posting reflects only the base salary for this
position and does not include other compensation elements or
benefits. We are proud to be an Equal Opportunity Employer and
consider all qualified applicants for employment opportunities
without regard to race, age, color, religion, gender, national
origin, disability, sexual orientation, veteran status or any other
category protected by the laws or regulations in the locations
where we operate. We will never request personal identifiable
information (bank, credit card, etc.) before you are hired. We do
not charge you for pre-employment fees such as background checks,
training, or equipment. If you think you have been a victim of
fraud by someone posing as us, please report your experience to the
FBI’s Internet Crime Complaint Center (IC3).
Keywords: Oportun, Downey , Senior Manager, Information Security Architecture & Engineering - Remote, IT / Software / Systems , San Diego, California
