Staff Trust & Assurance Engineer

Responsibilities

• Own the end-to-end SOC 2 Type II program, including scoping, control design, evidence collection, and auditor management
• Maintain PCI DSS self-attestation, including annual SAQ completion and scope analysis
• Serve as the cybersecurity control owner for IT general controls supporting the SOX program
• Operationalize GLBA Safeguards Rule technical controls across the program
• Manage the customer and vendor security questionnaire pipeline and trust portal
• Design and operate internal cybersecurity control testing and continuous monitoring programs
• Build policy-as-code, compliance-as-code, and AI-driven evidence automation

Requirements

• 7+ years of experience in security compliance, GRC, or technical audit in cloud-native environments
• Proven experience owning at least one SOC 2 Type II cycle end-to-end
• Hands-on experience with PCI DSS, including SAQ environments and scope reduction
• Ability to read and modify code, infrastructure-as-code (IaC), and IAM policies
• Proficiency working in Git-based engineering workflows and CI/CD pipelines
• Strong understanding of cloud infrastructure and modern AI-native technologies
• Excellent written communication skills for producing auditor-ready documentation

Preferred Qualifications

• Experience as a control owner supporting SOX IT general controls in a pre-IPO or newly public company
• Experience building or operating AI/LLM-driven GRC automation or evidence-collection pipelines
• Background in IPO readiness
• Familiarity with ISO 27001, ISO 42001, FedRAMP, CMMC 2.x, or NIST 800-53

About the Company

Kikoff is a profitable, pre-IPO fintech company on a mission to empower everyone to achieve financial security. We have built a suite of products that help millions of people build credit, access liquidity, and save money. We value extreme ownership, clear communication, and a strong sense of craftsmanship.