<div class="content-intro"><h3 style="margin: 0in;"><span style="font-size: 12pt;"><strong><span style="font-family: 'Arial',sans-serif; color: black;">ABOUT OPORTUN<br><br></span></strong></span></h3><p style="margin: 0in; text-align: justify;"><span style="font-size: 12pt;">Oportun (Nasdaq: OPRT) is a mission-driven fintech that puts its members' financial goals within reach. With intelligent borrowing, savings, and budgeting capabilities, Oportun empowers members with the confidence to build a better financial future. Since inception, Oportun has provided more than $19.7 billion in responsible and affordable credit, saved its members more than $2.4 billion in interest and fees, and helped its members save an average of more than $1,800 annually. Oportun has been certified as a Community Development Financial Institution (CDFI) since 2009.</span></p><p style="margin: 0in; text-align: justify;"><span style="font-family: Arial, sans-serif; color: black; font-size: 12pt;"> </span></p><h3 style="margin: 0in; text-align: justify;"><span style="font-size: 12pt;"><strong><span style="font-family: 'Arial',sans-serif; color: black;">WORKING AT OPORTUN</span></strong></span></h3><p style="margin: 0in; text-align: justify;"><span style="font-size: 12pt; font-family: arial, helvetica, sans-serif;"><br>Working at Oportun means enjoying a differentiated experience of being part of a team that fosters a diverse, equitable and inclusive culture where we all feel a sense of belonging and are encouraged to share our perspectives. This inclusive culture is directly connected to our organization's performance and ability to fulfill our mission of delivering affordable credit to those left out of the financial mainstream. We celebrate and nurture our inclusive culture through our employee resource groups.</span></p></div><p style="text-align: justify;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>POSITION OVERVIEW</strong></span></p><p style="text-align: justify;"><br><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">We are seeking a Senior Manager, Information Security Architecture & Engineering to serve as a key security leader within our organization. This role is responsible for defining and driving platform, application and data security, including designing and reinforcing secure-by-design principles, effective data protection and handling, identity and access management standards, and vulnerability management across the enterprise. Acting primarily as a second-line of defense, this leader ensures security best practices are embedded into our CI/CD, SDLC, data pipelines, and platform.</span></p><p style="text-align: justify;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Beyond technical expertise, this role demands strong leadership to both manage a team of security experts, as well as drive initiatives across teams and functions. The ideal candidate will foster a culture of collaboration, continuous learning, and high performance, prioritizing kindness, integrity, and transparency in leadership. This individual will view security as a business enabler, creating services that empower developers and system owners to iterate rapidly while maintaining strong and pragmatic security controls.</span></p><p style="text-align: justify;"> </p><p style="text-align: justify;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>RESPONSIBILITIES</strong></span></p><ul style="text-align: justify;"><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Define and maintain secure application and infrastructure architecture frameworks, ensuring security is built-in from the outset</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Partner with engineering, DevOps, and technology teams to integrate security into SDLC, CI/CD, and data pipelines</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Own and oversee the vulnerability management program, ensuring risk-based remediation across all technology assets</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Enhance and scale an existing security design review service, providing structured security assessments for new and evolving systems and data</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Advocate for security as a service, building tools and processes that streamline secure development and system operations</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Act as a security advisor to engineering and technology operations, ensuring security aligns with business goals</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Collaborate with the Security Governance, Risk, and Compliance (GRC) team to align technical security requirements with regulatory and commercial requirements</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Champion a security-first culture, ensuring technical execution teams understand security risks, standards and best practices</span></li></ul><p style="text-align: justify;"> </p><p style="text-align: justify;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>REQUIREMENTS</strong></span></p><ul style="text-align: justify;"><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">10+ years of experience in security architecture, application security, infrastructure security, or related domains</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong background in cloud security (AWS, Azure, GCP), DevSecOps, and/or data security</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience leading a globally distributed team across time zones which relies heavily on asynchronous working and collaboration methods</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience leading and developing globally distributed security teams with a focus on professional growth and collaboration</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience designing security controls for data flows and distributed computing environments</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Hands-on expertise of secure software development practices, security testing methodologies, and threat modeling</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong cross-functional leadership with the ability to communicate security risks effectively to engineering, IT, and business stakeholders</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience of security frameworks and regulations (e.g., NIST CSF, PCI-DSS, GLBA)</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Bachelor's degree in Computer Science, Information Security, or related field</span></li></ul><p style="text-align: justify;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Preferred Qualifications</span></p><ul><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; text-align: justify;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Expertise in application security testing, threat modeling, bug bounty programs, and software security assessments</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; text-align: justify;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Expertise in identity & access management (IAM), encryption, authentication, logging, and monitoring architectures</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; text-align: justify;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience with GitHub, Wiz, Sentinel One and Okta</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; text-align: justify;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Security certifications (CISSP, CISM, OSCP, AWS Security Specialty, or similar)</span></li><li style="font-family: arial, helvetica, sans-serif; font-size: 12pt; text-align: justify;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Advanced degree in Computer Science, Information Security or related field</span></li></ul><p> </p><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"></span></p><p data-pm-slice="1 1 []">The US base hourly range for this full-time position is $166,400 -266,200.</p><p>Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects a national minimum and maximum range for new hire salaries for this position.</p><p>Within this range, individual pay is determined by work location and additional factors, such as job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range that meets your criteria during the hiring process.</p><p>Please note that the compensation range listed in this posting reflects only the base salary for this position and does not include other compensation elements or benefits.<span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"></span></p><p> </p><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(255, 255, 255);">#LI-REMOTE</span></p><p><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: rgb(255, 255, 255);">#LI-RR1</span></p><div class="content-conclusion"><p style="margin: 0in; text-align: justify;"><span style="font-family: Arial, sans-serif; font-size: 12pt;">We are proud to be an Equal Opportunity Employer and consider all qualified applicants for employment opportunities without regard to race, age, color, religion, gender, national origin, disability, sexual orientation, veteran status or any other category protected by the laws or regulations in the locations where we operate.</span></p><p style="margin: 0in; text-align: justify;"><span style="font-family: Arial, sans-serif; font-size: 12pt;"> </span></p><p style="margin: 0in; text-align: justify;"><span style="font-family: Arial, sans-serif; font-size: 12pt;">California applicants can find a copy of Oportun's CCPA Notice here: <a href="https://oportun.com/privacy/california-privacy-notice/">https://oportun.com/privacy/california-privacy-notice/</a>.</span></p><p style="margin: 0in; text-align: justify;"><span style="font-size: 12pt; font-family: Calibri, sans-serif;"> </span></p><p style="margin: 0in; text-align: justify;"><span style="font-size: 12pt; font-family: arial, helvetica, sans-serif;">We will never request personal identifiable information (bank, credit card, etc.) before you are hired. We do not charge you for pre-employment fees such as background checks, training, or equipment. If you think you have been a victim of fraud by someone posing as us, please report your experience to the FBI’s Internet Crime Complaint Center (IC3).</span></p></div>