Security-wise, LineageOS is a start but (correct me if I am wrong) you need to unlock the bootloader, which is not great. These ROMs purport heightened privacy or "hardened" security.
iodéOS: "deGoogled" LineageOS fork, uses lots of blacklists for ad- and tracker-blocking. Sells pre-installed devices.
CalyxOS: Provides a fair amount of privacy. Limited device support. microG is optional. Uses F-Droid and Aurora Store.
DivestOS: Soft fork of LineageOS. "Hardened" with things like the Mulch WebView, uses F-Droid repositories for updates. Comes loaded with a tracker blocker, Mull browser, removal of proprietary blobs to reduce attack surface. ROMs available for many devices.
/e/OS: A "deGoogled" Android experience. Uses microG, no telemetry sent to Google, modified NTP and DNS servers, modified GPS service. Uses the "App Lounge" which combines the Aurora Store with F-Droid and PWAs. Has a tracker blocker. Requires you to have an @murena.io account for some functionalities.
GrapheneOS: Private, secure, hardened... has a long list of features. Updates are fast, exploitations are quickly mitigated, non-profit. Probably the most recommended, but Pixel-only.
shameless promotion
If you are just getting started, perhaps an introductory guide to digital provacy would be something you're interested in. Let me know if you see mistakes, or want to propose updates for me to include.
I've been out of the custom ROM scene for a while, is Cyanogenmod still a thing? that shit was like magic on my Galaxy S4. I remember it getting really slow like a few months into having it only because of how damn bloated the OS was before flashing CM onto there.