Information Security Manager

ABOUT THE ROLE

You'll be our first dedicated security leader, owning the technical execution of our security and compliance program. You'll drive SOC 2 and PCI DSS compliance, manage our vulnerability program, and build security capabilities that enable our engineering teams to move fast while staying secure. This is a hands‑on role—you'll design controls, write policies, respond to incidents, and work directly with auditors.

This is initially an individual contributor role with high impact and visibility. As our security program matures, you'll have the opportunity to build and lead a security team.

IN THIS ROLE, YOU WILL

Own Compliance

Lead SOC 2 Type II and PCI DSS programs through successful audit

Design and implement security controls without blocking velocity

Serve as primary technical contact for external auditors and assessors

Manage third‑party vendor security assessments and ongoing monitoring

Build automated evidence collection and continuous compliance monitoring

Report security metrics and program status to executive leadership

Manage Security Operations

Establish vulnerability management program with defined SLAs and remediation workflows

Own end‑to‑end vulnerability management : identify, assess, prioritize, and drive remediation to completion across infrastructure and applications

Manage external penetration testing program with third‑party vendors, including scoping, assessment review, and remediation tracking

Perform internal penetration testing and security assessments of applications, APIs, and infrastructure

Build SIEM detection rules, security dashboards, and alert triage processes

Develop and test incident response runbooks

Conduct threat modeling for critical systems and architectural changes

Lead security assessments of new technologies and third‑party integrations

Enable & Collaborate

Partner with platform engineering to implement security roadmap : AWS landing zone design, PAM / JIT workflows, account segmentation, disaster recovery testing

Enforce enterprise security controls (SSO, secrets management, RBAC)

Build and deliver security awareness training program for all employees

Develop and maintain security policies, standards, and procedures

Translate compliance requirements into actionable engineering tasks and drive completion

YOU HAVE

Security & Compliance :

5+ years in information security, with 2+ years in fintech or highly regulated industry

CISSP certification (or actively pursuing - must obtain within 12 months of hire)

Hands‑on experience leading SOC 2 and PCI DSS audits from start to finish

Strong incident response background—you've led real security incidents

Experience with vulnerability management platforms (Wiz, Snyk, Tenable)

Technical Skills :

Solid understanding of AWS security : IAM, Security Hub, GuardDuty, CloudTrail, KMS

Experience with SIEM platforms (Splunk, Datadog, Elastic)—you can write detection rules and build dashboards

Hands‑on experience with vulnerability assessment and penetration testing tools (Burp Suite, Nessus, Qualys, or similar)

Ability to read code (Ruby, JavaScript, Python) and assess security implications

Knowledge of web application security, API security, and OWASP Top 10

Understanding of access control patterns (PAM, SSO, RBAC, least privilege)

Core Competencies :

Strong communication—you can explain risks to engineers and executives alike

Pragmatic risk management in fast‑paced environments

Self‑starter who builds programs from scratch

Collaborative mindset—security as enabler, not blocker

Ability to drive remediation to completion across teams

NICE TO HAVE

Additional certifications (CISM, CISA, CCSP, CEH, OSCP, CRISC)

Experience managing WAF deployments (Palo Alto, Cloudflare, AWS WAF)

Infrastructure‑as‑code experience (Pulumi, Terraform)

Kubernetes security knowledge

SOAR platform experience

DevSecOps or security automation background

Scripting skills (Python, Bash) for security tooling and automation

Kikoff : A FinTech Unicorn Powering Financial Progress with AI

At Kikoff, our mission is to provide radically affordable financial tools to help consumers achieve financial security. We're a profitable, high growth FinTech unicorn serving millions of people, many of whom are building credit or navigating life paycheck to paycheck. With innovative technology and AI, we simplify credit building, reduce debt, and expand access to financial opportunities to those who need them the most. Founded in 2019, Kikoff is headquartered in San Francisco and backed by top‑tier VC investors and NBA star Stephen Curry.

Why Kikoff :

This is a consumer fintech startup, and you will be working with serial entrepreneurs who have built strong consumer brands and innovative products. We value extreme ownership, clear communication, a strong sense of craftsmanship, and the desire to create lasting work and work relationships. Yes, you can build an exciting business AND have real‑life real‑customer impact.

🏥 Medical, dental, and vision coverage - Kikoff covers the full cost of health insurance for the employee!

📈 Meaningful equity in the form of RSU's

🏝 Flexible vacation policy to help you recharge

💰 Competitive pay based on experience consisting of base + equity + benefits

Location : Hybrid, 3 days onsite in San Francisco, CA.

Visa sponsorship available : Kikoff is willing to provide sponsorship for H1‑B visas and U.S. green cards for exceptional talent.

Equal Employment Opportunity Statement

Kikoff Inc. is an equal opportunity employer. We are committed to complying with all federal, state, and local laws providing equal employment opportunities and considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.

Please reference the following for more information.

If you need reasonable accommodation for a job opening please connect with us at talent@kikoff.com and describe the specific accommodation requested for a disability‑related limitation. Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process.

San Francisco Fair Chance Ordinance : Pursuant to the San Francisco Fair Chance Ordinance, Kikoff will consider for employment qualified applicants with arrest and conviction records.

#J-18808-Ljbffr