Information Security Manager jobs in United States

Kikoff · 8 hours ago

Information Security Manager

Kikoff is a FinTech unicorn focused on providing affordable financial tools to consumers. The Information Security Manager will lead the security and compliance program, including managing SOC 2 and PCI DSS compliance, vulnerability management, and collaborating with engineering teams to ensure security measures are effectively implemented.

Credit, Finance, Financial Services, FinTech, Personal Finance

H1B Sponsored

Responsibilities

Lead SOC 2 Type II and PCI DSS programs through successful audit
Design and implement security controls without blocking velocity
Serve as primary technical contact for external auditors and assessors
Manage third-party vendor security assessments and ongoing monitoring
Build automated evidence collection and continuous compliance monitoring
Report security metrics and program status to executive leadership
Establish vulnerability management program with defined SLAs and remediation workflows
Own end-to-end vulnerability management: identify, assess, prioritize, and drive remediation to completion across infrastructure and applications
Manage external penetration testing program with third-party vendors, including scoping, assessment review, and remediation tracking
Perform internal penetration testing and security assessments of applications, APIs, and infrastructure
Build SIEM detection rules, security dashboards, and alert triage processes
Develop and test incident response runbooks
Conduct threat modeling for critical systems and architectural changes
Lead security assessments of new technologies and third-party integrations
Partner with platform engineering to implement security roadmap: AWS landing zone design, PAM/JIT workflows, account segmentation, disaster recovery testing
Enforce enterprise security controls (SSO, secrets management, RBAC)
Build and deliver security awareness training program for all employees
Develop and maintain security policies, standards, and procedures
Translate compliance requirements into actionable engineering tasks and drive completion

Qualification

CISSP certification, SOC 2 compliance, PCI DSS compliance, AWS security, Vulnerability management, Incident response, SIEM platforms, Penetration testing, Pragmatic risk management, Communication, Self-starter, Collaborative mindset

Required

5+ years in information security, with 2+ years in fintech or highly regulated industry
CISSP certification (or actively pursuing - must obtain within 12 months of hire)
Hands-on experience leading SOC 2 and PCI DSS audits from start to finish
Strong incident response background—you've led real security incidents
Experience with vulnerability management platforms (Wiz, Snyk, Tenable)
Solid understanding of AWS security: IAM, Security Hub, GuardDuty, CloudTrail, KMS
Experience with SIEM platforms (Splunk, Datadog, Elastic)—you can write detection rules and build dashboards
Hands-on experience with vulnerability assessment and penetration testing tools (Burp Suite, Nessus, Qualys, or similar)
Ability to read code (Ruby, JavaScript, Python) and assess security implications
Knowledge of web application security, API security, and OWASP Top 10
Understanding of access control patterns (PAM, SSO, RBAC, least privilege)
Strong communication—you can explain risks to engineers and executives alike
Pragmatic risk management in fast-paced environments
Self-starter who builds programs from scratch
Collaborative mindset—security as enabler, not blocker
Ability to drive remediation to completion across teams

Preferred

Additional certifications (CISM, CISA, CCSP, CEH, OSCP, CRISC)
Experience managing WAF deployments (Palo Alto, Cloudflare, AWS WAF)
Infrastructure-as-code experience (Pulumi, Terraform)
Kubernetes security knowledge
SOAR platform experience
DevSecOps or security automation background
Scripting skills (Python, Bash) for security tooling and automation

Benefits

Medical, dental, and vision coverage - Kikoff covers the full cost of health insurance for the employee!
Meaningful equity in the form of RSUs
Flexible vacation policy to help you recharge
Competitive pay based on experience consisting of base + equity + benefits

Company

Kikoff

Kikoff provides credit building services through secured cards and rent reporting.

H1B Sponsorship

Kikoff has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Trends of Total Sponsorships
2025 (9)
2024 (8)
2023 (5)
2022 (2)
2020 (2)

Funding

Current Stage: Growth Stage
Total Funding: $42.5M
Key Investors: Portage Ventures, Lightspeed Venture Partners
2021-06-10: Series B · $30M
2020-07-01: Series A · $10M
2019-11-18: Seed · $2.5M

Leadership Team

Kevin Otsuka, VP of Growth
Patrick Glover, Head of Operations
Company data provided by crunchbase