Information Security Manager (San Francisco) Job at Kikoff, San Francisco, CA

SGlMdUFPNGl4cW1rOUJLdjZVTzgvT1ZpZ3c9PQ==
  • Kikoff
  • San Francisco, CA

Job Description

About The Role

You'll be our first dedicated security leader, owning the technical execution of our security and compliance program. Youll drive SOC 2 and PCI DSS compliance, manage our vulnerability program, and build security capabilities that enable our engineering teams to move fast while staying secure. This is a handson roleyoull design controls, write policies, respond to incidents, and work directly with auditors.

This is initially an individual contributor role with high impact and visibility. As our security program matures, youll have the opportunity to build and lead a security team.

Own Compliance

  • Lead SOC 2 Type II and PCI DSS programs through successful audit
  • Design and implement security controls without blocking velocity
  • Serve as primary technical contact for external auditors and assessors
  • Manage thirdparty vendor security assessments and ongoing monitoring
  • Build automated evidence collection and continuous compliance monitoring
  • Report security metrics and program status to executive leadership

Manage Security Operations

  • Establish vulnerability management program with defined SLAs and remediation workflows
  • Own endtoend vulnerability management: identify, assess, prioritize, and drive remediation to completion across infrastructure and applications
  • Manage external penetration testing program with thirdparty vendors, including scoping, assessment review, and remediation tracking
  • Perform internal penetration testing and security assessments of applications, APIs, and infrastructure
  • Build SIEM detection rules, security dashboards, and alert triage processes
  • Develop and test incident response runbooks
  • Conduct threat modeling for critical systems and architectural changes
  • Lead security assessments of new technologies and thirdparty integrations

Enable & Collaborate

  • Partner with platform engineering to implement security roadmap: AWS landing zone design, PAM/JIT workflows, account segmentation, disaster recovery testing
  • Enforce enterprise security controls (SSO, secrets management, RBAC)
  • Build and deliver security awareness training program for all employees
  • Develop and maintain security policies, standards, and procedures
  • Translate compliance requirements into actionable engineering tasks and drive completion

You Have

Security & Compliance

  • 5+ years in information security, with 2+ years in fintech or a highly regulated industry
  • CISSP certification (or actively pursuing must obtain within 12 months of hire)
  • Handson experience leading SOC 2 and PCI DSS audits from start to finish
  • Strong incident response background you've led real security incidents
  • Experience with vulnerability management platforms (Wiz, Snyk, Tenable)

Technical Skills

  • Solid understanding of AWS security: IAM, Security Hub, GuardDuty, CloudTrail, KMS
  • Experience with SIEM platforms (Splunk, Datadog, Elastic) you can write detection rules and build dashboards
  • Handson experience with vulnerability assessment and penetration testing tools (Burp Suite, Nessus, Qualys, or similar)
  • Ability to read code (Ruby, JavaScript, Python) and assess security implications
  • Knowledge of web application security, API security, and OWASP Top 10
  • Understanding of access control patterns (PAM, SSO, RBAC, least privilege)

Core Competencies

  • Strong communication you can explain risks to engineers and executives alike
  • Pragmatic risk management in fastpaced environments
  • Selfstarter who builds programs from scratch
  • Collaborative mindset security as enabler, not blocker
  • Ability to drive remediation to completion across teams

Nice to Have

  • Additional certifications (CISM, CISA, CCSP, CEH, OSCP, CRISC)
  • Experience managing WAF deployments (Palo Alto, Cloudflare, AWS WAF)
  • Infrastructureascode experience (Pulumi, Terraform)
  • Kubernetes security knowledge
  • SOAR platform experience
  • DevSecOps or security automation background
  • Scripting skills (Python, Bash) for security tooling and automation

Kikoff

Kikoff is a FinTech unicorn powering financial progress with AI. Our mission is to provide radically affordable financial tools to help consumers achieve financial security. Founded in 2019, we serve millions of people, many building credit or navigating life paycheck to paycheck. We simplify credit building, reduce debt, and expand access to financial opportunities.

Why Kikoff

This is a consumer fintech startup where you will work with serial entrepreneurs who have built strong consumer brands and innovative products. We value extreme ownership, clear communication, a strong sense of craftsmanship, and the desire to create lasting work and relationships.

Benefits

  • Medical, dental, and vision coverage Kikoff covers the full cost of health insurance for the employee
  • Meaningful equity in the form of RSUs
  • Flexible vacation policy
  • Competitive pay based on experience (base + equity + benefits)
  • Hybrid location 3 days onsite in San Francisco, CA
  • Visa sponsorship available for H1B visas and U.S. green cards for exceptional talent

Equal Employment Opportunity Statement

kikoff Inc. is an equal opportunity employer. We are committed to complying with all federal, state, and local laws providing equal employment opportunities and consider qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.

If you need reasonable accommodation for a job opening, please connect with us at talent@kikoff.com and describe the specific accommodation requested for a disability-related limitation.

San Francisco Fair Chance Ordinance: Pursuant to the San Francisco Fair Chance Ordinance, Kikoff will consider for employment qualified applicants with arrest and conviction records.

#J-18808-Ljbffr

Job Tags

Full time, H1b, Local area, Visa sponsorship, Flexible hours,

Similar Jobs

Peraton

Aerospace Systems Engineering Job at Peraton

 ...reviews, overseeing developer during system integration and test, risk identification, tracking, and mitigation) Background in aerospace, mechanical, or electrical engineering desired. SCA / Union / Intern Rate or Range Details Target Salary Range:... 

Scottsdale Academy

Preschool Teacher (JT) Job at Scottsdale Academy

 ...learning best practices. This position is well-suited for teachers with backgrounds as a Preschool Teacher, Child Care Teacher, Daycare Teacher, Infant/Toddler Teacher, Voluntary Prekindergarten Teacher, or Early Childhood Educator. Key Responsibilities Create... 

Whole Foods Market

Chef de Partie Job at Whole Foods Market

 ...creating meaningful change. Our purpose is to nourish people and the planet. That means improving how people eat, funding grants for school gardens, providing access to fresh and healthy food to people living within food deserts, alleviating poverty in developing... 

The Voluntary Protection Programs Participants' Association,...

Environmental Health and Safety Manager Job at The Voluntary Protection Programs Participants' Association,...

 ...maintained in accordance with the requirements of the applicable Safety Management system standards, ISO 14001 and governmental...  ...teams in the coordination of EHS compliance activities.Determine industrial hygiene needs and conduct necessary air and noise monitoring.Conduct... 

Ethos Management

Retail Marketing and Advertising - RETAIL EVENT STAFF & EVENT PLANNING Job at Ethos Management

 ...Event Staff and Event Coordinators will focus on the following: (full training is provided)Entry Level Marketing...  ...Ability to take and follow directionsExperience: NO EXPERIENCE NECESSARY! These are...  ...ENTRY LEVEL positions.Weekly Base pay/Weekly bonus incentives/Benefits...