Qualifications

• 7+ years in security compliance, GRC, or technical audit, focusing on cloud environments.
• Experience managing an SOC 2 Type II cycle from start to finish, including design and audit interaction.
• Hands-on knowledge of PCI DSS and experience with SAQ environments to optimize scope.
• Proficient in reading and modifying code, familiar with infrastructure-as-code and IAM policies.
• Deep understanding of cloud infrastructure and AI-native technologies.
• Strong relationship management capabilities with external auditors and translating controls into actionable engineering tasks.
• Exceptional written communication skills for creating precise documentation and specifications.

Responsibilities

• Lead Kikoff's SOC 2 Type II program, encompassing scoping, control design, evidence collection, and auditor management.
• Ensure compliance with PCI DSS through annual SAQ completions, vendor oversight, and change monitoring.
• Act as the cybersecurity control owner for IT general controls in partnership with the SOX Manager.
• Implement GLBA Safeguards Rule technical controls across the cybersecurity program.
• Coordinate with Legal on SEC Regulation S-K disclosures, including substantive cybersecurity content.
• Manage the security questionnaire pipeline and develop reusable evidence libraries for customer and vendor inquiries.
• Design and manage the internal cybersecurity control testing and continuous monitoring system, collaborating with Security Engineering.
• Create policy-as-code and compliance automation to align with engineering scaling demands.

Benefits

• Opportunity to shape the new Trust & Assurance function in a dynamic startup environment.
• Work closely with cross-functional teams including Finance, Legal, and Engineering.
• Engagement in innovative projects involving AI and automation technologies.
• Exposure to SOC 2 and PCI compliance across a cloud-native infrastructure.
• Career advancement potential in a rapidly growing organization.