Information Security Manager

About The Position

Requirements

• 5+ years in information security, with 2+ years in fintech or highly regulated industry
• CISSP certification (or actively pursuing - must obtain within 12 months of hire)
• Hands-on experience leading SOC 2 and PCI DSS audits from start to finish
• Strong incident response background—you've led real security incidents
• Experience with vulnerability management platforms (Wiz, Snyk, Tenable)
• Solid understanding of AWS security: IAM, Security Hub, GuardDuty, CloudTrail, KMS
• Experience with SIEM platforms (Splunk, Datadog, Elastic)—you can write detection rules and build dashboards
• Hands-on experience with vulnerability assessment and penetration testing tools (Burp Suite, Nessus, Qualys, or similar)
• Ability to read code (Ruby, JavaScript, Python) and assess security implications
• Knowledge of web application security, API security, and OWASP Top 10
• Understanding of access control patterns (PAM, SSO, RBAC, least privilege)
• Strong communication—you can explain risks to engineers and executives alike
• Pragmatic risk management in fast-paced environments
• Self-starter who builds programs from scratch
• Collaborative mindset—security as enabler, not blocker
• Ability to drive remediation to completion across teams

Nice To Haves

• Additional certifications (CISM, CISA, CCSP, CEH, OSCP, CRISC)
• Experience managing WAF deployments (Palo Alto, Cloudflare, AWS WAF)
• Infrastructure-as-code experience (Pulumi, Terraform)
• Kubernetes security knowledge
• SOAR platform experience
• DevSecOps or security automation background
• Scripting skills (Python, Bash) for security tooling and automation

Responsibilities

• Own Compliance
• Lead SOC 2 Type II and PCI DSS programs through successful audit
• Design and implement security controls without blocking velocity
• Serve as primary technical contact for external auditors and assessors
• Manage third-party vendor security assessments and ongoing monitoring
• Build automated evidence collection and continuous compliance monitoring
• Report security metrics and program status to executive leadership
• Manage Security Operations
• Establish vulnerability management program with defined SLAs and remediation workflows
• Own end-to-end vulnerability management: identify, assess, prioritize, and drive remediation to completion across infrastructure and applications
• Manage external penetration testing program with third-party vendors, including scoping, assessment review, and remediation tracking
• Perform internal penetration testing and security assessments of applications, APIs, and infrastructure
• Build SIEM detection rules, security dashboards, and alert triage processes
• Develop and test incident response runbooks
• Conduct threat modeling for critical systems and architectural changes
• Lead security assessments of new technologies and third-party integrations
• Enable & Collaborate
• Partner with platform engineering to implement security roadmap: AWS landing zone design, PAM/JIT workflows, account segmentation, disaster recovery testing
• Enforce enterprise security controls (SSO, secrets management, RBAC)
• Build and deliver security awareness training program for all employees
• Develop and maintain security policies, standards, and procedures
• Translate compliance requirements into actionable engineering tasks and drive completion

Benefits

• Medical, dental, and vision coverage - Kikoff covers the full cost of health insurance for the employee!
• Meaningful equity in the form of RSU's
• Flexible vacation policy to help you recharge
• Competitive pay based on experience consisting of base + equity + benefits