Head of Security Engineering - Senior Vice President

iCapital is looking for a Head of Security Engineering to lead and evolve our security engineering function within a regulated financial services environment. This role combines strong technical depth, hands-on operational capability, and team leadership, ensuring our security architecture, tooling, and processes are scalable, resilient, and aligned with regulatory expectations.

You will manage a team of security engineers while remaining actively engaged in technical problem-solving, including supporting incident investigations and shaping secure architecture. You will partner closely with Engineering, DevOps, Infrastructure, and Technology/Development teams to embed security across the software development lifecycle and cloud environments.

  Leadership & Team Management

• →Lead, mentor, and develop a team of ~5 security engineers across multiple domains
• →Define team priorities and execute against the security engineering roadmap
• →Foster a culture of ownership, automation, and continuous improvement
• →Partner with the CISO and senior stakeholders on strategy, reporting, and risk alignment

  Security Architecture & Engineering

• →Own and evolve the firm’s security architecture and technology stack, including:
  • →Cloud security (AWS/Azure/GCP, including CSPM/CNAPP)
  • →Identity & Access Management (IAM), SSO, and Privileged Access Management (PAM)
  • →SIEM, detection engineering, and logging architecture
  • →CASB / SaaS security controls
  • →Data protection (DLP, DSPM, encryption, key management)
  • →Network security (firewalls, segmentation, zero trust architecture)
• →Design and implement secure, scalable, cloud-native architectures
• →Evaluate, select, and rationalize security tools and vendors

  Cloud & Infrastructure Security

• →Define and enforce security standards across:
• →Cloud environments (AWS/Azure/GCP)
• →Containers and orchestration platforms (e.g., Kubernetes, Docker)
• →Infrastructure as Code (Terraform, CloudFormation)
• →Implement least privilege access models and zero trust principles

  DevSecOps & Secure Development

• Work closely with Engineering and DevOps teams to:
• Embed security into CI/CD pipelines and Infrastructure as Code (IaC)
• Implement secure coding practices and secrets management
• Perform threat modeling and secure design reviews
• Champion DevSecOps principles and shift-left security practices

  Automation & Engineering Excellence

• Drive security automation and orchestration (SOAR) to scale operations
• Utilize scripting and programming (e.g., Python, PowerShell, Bash) to:
• Automate workflows
• Integrate tools
• Enhance detection and response capabilities
  
  

Define and report on security KPIs and KRIs to the CISO and senior leadership

• 10+ years of experience in information security or security engineering
• Proven experience leading and managing technical security teams
• Strong hands-on expertise across:
  • Cloud security (AWS/Azure/GCP)
  • Identity and access management (IAM/PAM)
  • SIEM and detection engineering
  • Network and infrastructure security
  • Data protection technologies (DLP, DSPM, encryption)
• Experience working closely with SOC teams and incident response
• Demonstrated ability to partner with engineering and DevOps teams
• CISSP (required)
• Additional certifications preferred:
  • CCSP, AWS/Azure Security certifications
  • GIAC (e.g., GCIA, GCIH) or equivalent

• Strong balance of technical depth and leadership capability
• Hands-on, pragmatic approach with the ability to dive into details when needed
• Experience implementing Zero Trust architectures
• Proficiency in scripting/automation (Python, PowerShell, etc.)
• Strong understanding of threat detection and adversary tactics
• Excellent communication skills with the ability to influence stakeholders at all levels
• Experience operating in regulated financial services environments

• Strong verbal and written communication skills
• Fluent in Portuguese and English

Employees in this role will work fully remote. Every department has different needs, and some positions will be designated in-office jobs, based on their function.