Head of Security
Avantos
Company overview
Avantos is building the industry's first AI-native operating system for financial services, redefining how firms onboard clients, deliver advice, and manage core servicing workflows. Our platform unifies fragmented data, automates complex processes, and embeds intelligent decision-making across every step of the client lifecycle.
We partner with leading financial institutions and are scaling rapidly. We're an execution-driven, design-obsessed, product-led team composed of founders and leaders from Wharton, MIT, top design programs, and prior unicorn SaaS companies. We move fast, solve deep industry problems, and build technology that puts users back in control of their workflows.
If you love client impact, product design, complex problem solving, and bringing AI-enabled change to real-world businesses, Avantos is where you will thrive.
Job summary
We're seeking a Head of Security to own and evolve Avantos's security and compliance posture as we scale with enterprise financial services customers. This is a director-level, hands-on leadership role — ideal for someone who has built pragmatic security programs in modern cloud-native startups and knows how to balance rigor with execution speed.
You will be responsible for ensuring our platform, infrastructure, and internal processes meet the expectations of regulated enterprise customers today (SOC 2) while laying the groundwork for future expansion into additional regulatory environments, including the EU.
What you'll do
- Own and maintain our SOC 2 compliance program, including audits, evidence collection, control design, and continuous improvement
- Define a forward-looking security and compliance roadmap (e.g., GDPR, ISO 27001) aligned with company growth and customer needs
- Serve as the primary security leader and point of contact for executives, auditors, partners, and enterprise customers
- Design and enforce security best practices across our AWS-based, containerized (ECS) infrastructure, including strong isolation for our single-tenant-per-customer architecture
- Partner closely with engineering to embed security into system design, SDLC, and operational workflows
- Own incident response planning, tabletop exercises, and real-world response coordination
- Lead risk assessments, vendor security reviews, and customer security questionnaires
- Develop and maintain security policies, standards, and internal documentation appropriate for a regulated environment
- Promote a strong security culture through training, awareness, and cross-functional collaboration
- Act as a trusted advisor to the leadership team on security tradeoffs, risk, and investment priorities
- Over time, help scale security processes, tooling, and potentially team members as the company grows
Your skills will include
- 6–10+ years of experience in security, with leadership responsibility in a startup or high-growth SaaS environment
- Direct ownership of SOC 2 compliance in a cloud-native company
- Strong understanding of AWS security, IAM, networking, logging, and monitoring
- Experience securing containerized workloads (ECS, Kubernetes, or similar) and modern SaaS architectures
- Familiarity with secure software development practices and application security concepts
- Ability to translate regulatory and customer requirements into practical, implementable controls
- Strong communication skills — comfortable working with engineers, executives, auditors, and customers
- Pragmatic, business-aligned mindset focused on real risk reduction rather than checkbox compliance
- Relevant certifications (CISSP, CISM, CCSP)
- Experience in financial services or other highly regulated industries (working directly with enterprise security teams as a service provider)
Nice to haves
- Exposure to GDPR, ISO 27001, or international regulatory frameworks
- Experience supporting enterprise security reviews and customer-driven compliance requirements
- Familiarity with vulnerability management tooling, security monitoring, and cloud security posture management
- Familiarity with modern SaaS stacks and AI-enabled platforms
What we offer
- Competitive compensation + meaningful equity
- Opportunity to define and scale the security foundation of a rapidly growing AI platform in financial services
- Direct impact and visibility at the executive level
- A culture optimized for ownership, focus, and high-quality execution
- Remote work flexibility with a preference for NYC-based collaboration