Information Security Manager at Kikoff
Kikoff
San Francisco, CA
Information Technology
Posted 0 days ago
Job Description
ABOUT THE ROLE

You'll be our first dedicated security leader, owning the technical execution of our security and compliance program. You'll drive SOC 2 and PCI DSS compliance, manage our vulnerability program, and build security capabilities that enable our engineering teams to move fast while staying secure. This is a hands-on role: you'll design controls, write policies, respond to incidents, and work directly with auditors.

This is initially an individual contributor role with high impact and visibility. As our security program matures, you'll have the opportunity to build and lead a security team.

IN THIS ROLE YOU WILL

Own Compliance
Lead SOC 2 Type II and PCI DSS programs through successful audit
Design and implement security controls without blocking velocity
Serve as primary technical contact for external auditors and assessors
Manage third-party vendor security assessments and ongoing monitoring
Build automated evidence collection and continuous compliance monitoring
Report security metrics and program status to executive leadership

Manage Security Operations
Establish vulnerability management program with defined SLAs and remediation workflows
Own end-to-end vulnerability management: identify, assess, prioritize, and drive remediation to completion across infrastructure and applications
Manage external penetration testing program with third-party vendors, including scoping, assessment review, and remediation tracking
Perform internal penetration testing and security assessments of applications, APIs, and infrastructure
Build SIEM detection rules, security dashboards, and alert triage processes
Develop and test incident response runbooks
Conduct threat modeling for critical systems and architectural changes
Lead security assessments of new technologies and third-party integrations

Enable & Collaborate
Partner with platform engineering to implement security roadmap: AWS landing zone design, PAM/JIT workflows, account segmentation, disaster recovery testing
Enforce enterprise security controls (SSO, secrets management, RBAC)
Build and deliver security awareness training program for all employees
Develop and maintain security policies, standards, and procedures
Translate compliance requirements into actionable engineering tasks and drive completion

YOU HAVE

Security & Compliance:
5 years in information security with 2 years in fintech or highly regulated industry
CISSP certification (or actively pursuing - must obtain within 12 months of hire)
Hands-on experience leading SOC 2 and PCI DSS audits from start to finish
Strong incident response background: you've led real security incidents
Experience with vulnerability management platforms (Wiz, Snyk, Tenable)

Technical Skills:
Solid understanding of AWS security: IAM, Security Hub, GuardDuty, CloudTrail, KMS
Experience with SIEM platforms (Splunk, Datadog, Elastic): you can write detection rules and build dashboards
Hands-on experience with vulnerability assessment and penetration testing tools (Burp Suite, Nessus, Qualys, or similar)
Ability to read code (Ruby, JavaScript, Python) and assess security implications
Knowledge of web application security, API security, and OWASP Top 10
Understanding of access control patterns (PAM, SSO, RBAC, least privilege)

Core Competencies:
Strong communication: you can explain risks to engineers and executives alike
Pragmatic risk management in fast-paced environments
Self-starter who builds programs from scratch
Collaborative mindset: security as enabler, not blocker
Ability to drive remediation to completion across teams

NICE TO HAVE

Additional certifications (CISM, CISA, CCSP, CEH, OSCP, CRISC)
Experience managing WAF deployments (Palo Alto, Cloudflare, AWS WAF)
Infrastructure-as-code experience (Pulumi, Terraform)
Kubernetes security knowledge
SOAR platform experience
DevSecOps or security automation background
Scripting skills (Python, Bash) for security tooling and automation

Kikoff: A FinTech Unicorn Powering Financial Progress with AI

At Kikoff, our mission is to provide radically affordable financial tools to help consumers achieve financial security. We're a profitable, high growth FinTech unicorn serving millions of people, many of whom are building credit or navigating life paycheck to paycheck. With innovative technology and AI, we simplify credit building, reduce debt, and expand access to financial opportunities to those who need them the most. Founded in 2019, Kikoff is headquartered in San Francisco and backed by top-tier VC investors and NBA star Stephen Curry.

Why Kikoff:

This is a consumer fintech startup, and you will be working with serial entrepreneurs who have built strong consumer brands and innovative products. We value extreme ownership, clear communication, a strong sense of craftsmanship, and the desire to create lasting work and work relationships. Yes, you can build an exciting business AND have real-life, real-customer impact.

Medical, dental, and vision coverage - Kikoff covers the full cost of health insurance for the employee!
Meaningful equity in the form of RSUs
Flexible vacation policy to help you recharge
Competitive pay based on experience, consisting of base, equity, benefits

Location: Hybrid, 3 days onsite in San Francisco, CA.

Visa sponsorship available: Kikoff is willing to provide sponsorship for H1-B visas and U.S. green cards for exceptional talent.

Equal Employment Opportunity Statement

Kikoff Inc. is an equal opportunity employer. We are committed to complying with all federal, state, and local laws providing equal employment opportunities and consider qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.

Please reference the following for more information.

If you need reasonable accommodation for a job opening please connect with us at and describe the specific accommodation requested for a disability-related limitation. Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process.

San Francisco Fair Chance Ordinance: Pursuant to the San Francisco Fair Chance Ordinance, Kikoff will consider for employment qualified applicants with arrest and conviction records.

Required Experience: Manager
Key Skills: International Development, EMC, JavaScript, Import & Export, Airlines, Asp.Net MVC
Employment Type: Full-Time
Department / Functional Area: Engineering
Experience: years
Vacancy: 1
Monthly Salary Salary: 200 - 260