Information Security Manager at Kikoff

San Francisco, California, United States

Apply Now
Kikoff Logo
$200,000 – $260,000Compensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Information SecurityIndustries

Requirements

  • 5+ years in information security, with 2+ years in fintech or highly regulated industry
  • CISSP certification (or actively pursuing - must obtain within 12 months of hire)
  • Hands-on experience leading SOC 2 and PCI DSS audits from start to finish
  • Strong incident response background—you've led real security incidents
  • Experience with vulnerability management platforms (Wiz, Snyk, Tenable)
  • Solid understanding of AWS security: IAM, Security Hub, GuardDuty, CloudTrail, KMS
  • Experience with SIEM platforms (Splunk, Datadog, Elastic)—you can write detection rules and build dashboards
  • Hands-on experience with vulnerability assessment and penetration testing tools (Burp Suite, Nessus, Qualys, or similar)
  • Ability to read code (Ruby, JavaScript, Python) and assess security implications
  • Knowledge of web application security, API security, and OWASP Top 10
  • Understanding of access control patterns (PAM, SSO, RBAC, least privilege)

Responsibilities

  • Own Compliance
  • Lead SOC 2 Type II and PCI DSS programs through successful audit
  • Design and implement security controls without blocking velocity
  • Serve as primary technical contact for external auditors and assessors
  • Manage third-party vendor security assessments and ongoing monitoring
  • Build automated evidence collection and continuous compliance monitoring
  • Report security metrics and program status to executive leadership
  • Manage Security Operations
  • Establish vulnerability management program with defined SLAs and remediation workflows
  • Own end-to-end vulnerability management: identify, assess, prioritize, and drive remediation to completion across infrastructure and applications
  • Manage external penetration testing program with third-party vendors, including scoping, assessment review, and remediation tracking
  • Perform internal penetration testing and security assessments of applications, APIs, and infrastructure
  • Build SIEM detection rules, security dashboards, and alert triage processes
  • Develop and test incident response runbooks
  • Conduct threat modeling for critical systems and architectural changes
  • Lead security assessments of new technologies and third-party integrations
  • Enable & Collaborate with platform engineering to implement security roadmap: AWS landing zone design, PAM/JIT workflows, account segmentation, disaster recovery testing
  • Enforce enterprise security controls (SSO, secrets management, RBAC)
  • Build and deliver security awareness training program for all employees
  • Develop and maintain security policies, standards, and procedures
  • Translate compliance requirements into actionable engineering tasks and drive completion

Skills

Key technologies and capabilities for this role

SOC 2PCI DSSVulnerability ManagementSecurity ControlsIncident ResponseThreat ModelingSIEMAWSPenetration TestingSecurity AssessmentsPolicy Writing

Questions & Answers

Common questions about this position

What is the salary range for the Information Security Manager position?

The salary range is $200K - $260K.

Is this role remote or does it require office work?

This information is not specified in the job description.

What skills and experience are required for this role?

Candidates need 5+ years in information security with 2+ years in fintech or regulated industries, CISSP certification (or pursuing within 12 months), hands-on SOC 2 and PCI DSS audit experience, incident response background, and skills in AWS security, SIEM platforms, and vulnerability management tools like Wiz, Snyk, or Tenable.

What is the team structure for this security role?

This is initially an individual contributor role with high impact and visibility, and as the security program matures, there will be an opportunity to build and lead a security team.

What makes a strong candidate for this Information Security Manager role?

A strong candidate has hands-on experience leading SOC 2 and PCI DSS audits, strong incident response background with real incidents led, proficiency in AWS security services and SIEM platforms for building detections, and experience with vulnerability management platforms.

Kikoff

Credit building services for individuals

Website

About Kikoff

Kikoff helps individuals, especially those with low or no credit, build a positive payment history and improve their credit scores. Its services are user-friendly and do not require credit checks, making them accessible to a wide range of clients. Kikoff offers tools for credit management, including easy disputing, rent reporting, and credit monitoring reports, along with an optional Autopay feature. The company's goal is to empower users to take control of their credit journey and achieve significant improvements in their credit scores.

San Francisco, CaliforniaHeadquarters
2019Year Founded
$41.3MTotal Funding
SERIES_BCompany Stage
Fintech, Financial ServicesIndustries
51-200Employees

Benefits

Health Insurance
Dental Insurance
Vision Insurance
Stock Options
Unlimited Paid Time Off

Risks

Increased competition from new fintech startups could dilute market share.
Regulatory scrutiny may lead to increased compliance costs for Kikoff.
Economic downturns could decrease consumer spending, impacting revenue.

Differentiation

Kikoff offers credit building without credit checks, making it accessible to many.
The platform provides easy disputing and rent reporting to enhance credit scores.
Kikoff's Autopay feature ensures clients never miss a due date.

Upsides

Kikoff recognized as a top credit builder app in 2024.
AI-driven tools can enhance user experience with personalized strategies.
Partnerships with educational platforms can attract younger demographics.

Related Jobs

Washington
Remote iconRemote

Chief Information Security Officer (CISO), Workday Government

Workday
Salary not specified
  • Employment type iconFull Time
  • Experience level iconExpert & Leadership (9+ years)
Myrtle Point
Remote iconRemote

Sr. Content Marketing Manager

1Password
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
United States
Remote iconRemote

Head of Security

OpenSea
Salary not specified
  • Employment type iconFull Time
  • Experience level iconExpert & Leadership (9+ years), Senior (5 to 8 years)
United States
Remote iconRemote

Security Program Manager

OpenAI
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
Pennsylvania
Remote iconRemote

Pennsylvania Quality Manager (Security)

RPS North America
Salary not specified
  • Employment type iconFull Time
  • Experience level iconJunior (1 to 2 years)
California
Remote iconRemote

Enterprise Architect

Adobe
Salary not specified
  • Employment type iconFull Time
  • Experience level iconExpert & Leadership (9+ years)
Remote
Remote iconRemote

Security Operations Manager

Jobber
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
United States
Remote iconRemote

Director, Information Security (Remote, US)

Openly
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)

Land your dream remote job 3x faster with AI

Try Jobo Free