Security Operations Manager

OppFi is a leading tech-enabled digital finance platform that works with banks to provide financial products and services for everyday Americans. Through a transparent and responsible platform, which includes financial inclusion and excellent customer experience, the Company supports consumers who are turned away by mainstream options to build better financial health.

We are a team of caring, innovative, and inclusive individuals who thrive in being immersed in diverse talents, expertise, perspectives, and backgrounds. Our employees approach every new challenge with an unparalleled ability to see what could be rather than settle for what is. Our business principles guide us and create an open and collaborative culture where we improve 1% every day, and the best ideas always win! We welcome individuals who want to make an impact in the financial system by facilitating credit access, expanding financial inclusion, promoting financial health, and delivering exceptional customer service.

A few other fun facts about us. OppFi is one of the top consumer-rated financial platforms online, maintaining a 4.5/5.0-star rating on Trustpilot. We are a 2025 Crain’s Fast 50™ company and were named on Built In's 2025 Best Places to Work in Chicago.

About the Role

As Security Operations Manager, you will lead OppFi’s internal security operations team and be responsible for the end-to-end execution of our enterprise security monitoring, incident response, and threat management programs. You will serve as the primary point of coordination with our third-party SOC provider, ensuring seamless collaboration, accountability, and actionable outcomes. This role requires a hands-on leader with a deep understanding of network and cloud security, modern security tooling, and the ability to drive risk mitigation across a complex technology environment.

You will define and own the operational security roadmap, oversee incident response protocols, and ensure that internal controls and external partnerships are aligned to deliver measurable improvements in security posture.

Key Responsibilities

• Lead and manage the internal security operations team, providing mentorship, technical guidance, and performance management.
• Own and drive the vulnerability management program, from tool selection and deployment (e.g., Tenable, Qualys) to triage, remediation coordination, and executive reporting.
• Serve as the primary liaison with the third-party SOC provider; ensure efficient escalation, investigation, and resolution of security alerts.
• Oversee and refine the incident response process, including preparation, detection, containment, eradication, recovery, and post-mortem.
• Maintain and evolve the security infrastructure roadmap across firewalls, IDS/IPS, EDR, SIEM, SOAR, and endpoint protection platforms.
• Collaborate with DevOps, IT, and Infrastructure teams to embed security into deployments and system architecture.
• Monitor the threat landscape and proactively adapt detection capabilities and playbooks in alignment with current attack vectors and the MITRE ATT&CK framework.
• Ensure alignment of security operations with regulatory, legal, and compliance requirements (e.g., PCI-DSS, NIST, FTC Safeguards).
• Deliver clear, risk-based reporting to senior leadership and support audit, compliance, and customer assurance requests.

What You Bring to the Team

●     Leadership & Collaboration

• Minimum of 10 years of experience in information security, including 5 years in a managerial or team lead role overseeing security operations.
• Track record of building and leading high-performing security operations teams.
• Ability to work cross-functionally with DevOps, Infrastructure, Legal, and Product to integrate security into business processes.

●     Security Operations & Incident Response

• Proven experience leading internal security operations, coordinating incident response efforts, and working with third-party SOCs.
• Strong knowledge of threat detection, threat hunting, and response methodologies aligned to frameworks like MITRE ATT&CK.
• Experience developing and executing security incident playbooks and post-incident reviews.

●     Network & Infrastructure Security

• Deep knowledge of network protocols, segmentation strategies, firewall policies, IDS/IPS tuning, and switch configurations.
• Familiarity with secure configurations across hybrid environments (data center, SaaS, and IaaS).
• Experience implementing and managing endpoint security tools and network access controls (e.g., NAC, VPNs, EDR).

●     Cloud & IAM Security

• Hands-on expertise securing AWS or Azure environments, including implementation of IAM, RBAC, MFA, and logging strategies.
• Understanding of cloud-native security controls and their integration into centralized monitoring systems.

●     Security Tooling & Automation

• Operational experience with security tools such as SIEM (e.g., Splunk, Sumo Logic), EDR/XDR platforms, and vulnerability scanners (e.g., Tenable, Qualys).
• Demonstrated ability to automate repetitive tasks using SOAR platforms or scripting (e.g., Python, Bash).

●     Compliance & Risk Management

• Familiarity with security and control frameworks including NIST CSF, PCI-DSS, ISO 27001, SOX, and FTC Safeguards.
• Skilled in translating compliance requirements into enforceable security controls and audit-ready documentation.

●     Communication Skills

• Strong communicator capable of presenting technical security risks, incidents, and program updates to executive and non-technical stakeholders.
• Skilled in translating threat intelligence and technical findings into business-impact terms.
  Reports to: Director, Security Engineering

Job Level:  Manager

EEO Statement:

OppFi is an equal opportunity employer and does not discriminate based on any actual or perceived legally recognized protected bases under local, state, federal law, or regulations. Our goal as a company is to build an equitable workplace that actively works to dismantle systems of oppression in our processes, procedures, and interactions. We aim to help our employees thrive where they work and beyond. Check out our Culture page here.

As part of OppFi’s commitment to providing equal opportunity to qualified individuals, OppFi will ensure that persons with disabilities are provided reasonable accommodation as defined by applicable laws and organizational policies. If reasonable accommodation is needed to participate in the job application or interview processes or job requirements, please contact our People Team at recruiting@oppfi.com.

Pursuant to the requirements of the California Consumer Privacy Act, OppFi is providing the "OppFi California Employee Privacy Policy", which details the categories of personal information collected and your rights under the policy. If you are a California resident, please review the policy here: https://www.oppfi.com/careers/.

The information in this document is for general informational purposes only. It is not intended to be an all-inclusive list or description of the organization and its requirements for positions and employees. OppFi reserves the right to modify or change the information on this document at its discretion.