The Company
What we’re doing:
Owning a home is a foundational part of building financial security and wealth in America. However, the tools and technology that support homeownership are antiquated, dependent on things like fax machines, handwritten documentation, and hours of manual review.
We’re here to change it.
Vesta is the next-generation system of record to power the multi-trillion mortgage market. We believe that we are overdue for a core transformation - that in order to build a fully automated process and fully digital customer journeys, lenders will have to adopt a system of record platform that is modern, open, and orchestrated by best-in-class software workflows.
Who we are:
Our founding team is no stranger to the complexities of the financial industry. As early employees at Blend, they spent years together focused on creating modern cloud infrastructure for banks. Now, with Vesta, they are transforming the mortgage industry by creating the most flexible, open and automated origination experience, benefiting financial institutions and their customers.
And, we’re not alone.
We’ve raised $55M from top tier investors, including Andreessen Horowitz, Bain Capital Ventures, Conversion Capital, Zigg Capital, and Index Ventures.
We believe that our team is our greatest competitive advantage and take pride in having a team of exceptional humans. As a team, we value humility, empathy, self-awareness, and an orientation towards action. If this sounds like you and you’re excited by the idea of getting in at the ground level to be part of building the infrastructure that will power the future of the finance industry, we would love to hear from you!
The Opportunity
You will join Vesta as our Head of Security, serving as the company’s security leader as we scale the platform that powers critical financial infrastructure. You will build and own the programs that protect Vesta, our customers, and our team across governance, risk, compliance, audits, product and cloud security, incident response, and remote-first IT operations. This is a high-impact role for someone who wants to make security and IT a trusted, pragmatic partner to the business while raising the bar for how modern mortgage technology is built and operated.
This is a remote role with occasional travel for company offsites, customer or audit-related meetings, operational needs, and security exercises.
Reporting To: Devon Yang, Co-founder & CTO
Location:
Remote
Responsibilities:
Lead Vesta’s security strategy and operating model as the company’s senior-most security leader, partnering with engineering, product, legal, sales, implementations, the executive team, and the board.
Build and mature Vesta’s governance, risk, and compliance program, including risk management, policies, security controls, workforce education, audit readiness, audit execution, and ongoing control ownership.
Design, implement, and oversee Vesta’s security monitoring, logging, threat detection, vulnerability management, and response capabilities across cloud application, product, and internal environments.
Lead incident response and resilience planning, including escalation paths, tabletop exercises, communications plans, post-incident reviews, and business continuity practices.
Serve as a key technical partner to sales and implementations teams, engaging with prospects and customers to articulate Vesta’s security posture, compliance frameworks, control environment, and remediation plans.
Own and operate Vesta’s remote-first IT function, including employee onboarding and offboarding, identity and access management, user provisioning, endpoint management, SaaS administration, vendor management, device lifecycle, and employee support processes.
Establish the foundational security and IT organization at Vesta, with the mandate to scale the roadmap, metrics, team, budget, and strategy as the company expands.
The Candidate
Knowledge:
Familiarity with SOC 2, ISO 27001, GLBA, FFIEC, NYDFS, or related financial-services security and compliance expectations
Experience:
Experience securing fintech, mortgage, banking, lending, or other regulated B2B SaaS products.
Experience as part of a security team at a high-growth startup, with meaningful ownership of security programs, controls, or cross-functional initiatives.
Hands-on experience with remote-first IT stacks such as Google Workspace, Rippling, Apple Business Manager, SAML/SSO configuration, and general SaaS administration.
Experience translating security posture into clear customer-facing narratives for enterprise buyers, auditors, and partners.
Benefits & Perks:
Robust medical, vision, & dental coverage (~100% of employee premiums are covered)
401(k) plan offering
Meaningful parental leave - 16 weeks fully paid for all new parents, birthing & non-birthing parents (applies to adoptions as well!)
Remote-first culture with a hub in San Francisco
Generous Work-From-Anywhere & Wellness Benefits
Monthly DoorDash benefits
Open & encouraged flexible time off
Company offsites to get to know the team!
At Vesta, we believe that the only way we can tackle the challenging problems in front of us is by having diverse perspectives and an environment that promotes inclusivity. We’re committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. As part of our onboarding process, we participate in the E-Verify program.