Skip to content
CascaCascaSan Francisco, CA

Head of Security & Compliance

Lead security and compliance for an AI-native banking startup. Build security tooling, manage a team of appsec engineers, own compliance (SOC 2, ISO 27001), and secure AI agent workflows.

200k – 255k/yr
On-site5+ YOESecurity Engineering

About the role

What you'll do

  • Build security tooling & processes that engineers actually use. Create internal mechanisms for appsec, identity and access management, and threat detection that naturally integrate into how the team ships.
  • Manage, mentor, and grow our team of application security engineers. Mature our Secure SDLC, threat modeling, and vulnerability management processes to ensure our security posture matches our growing responsibility.
  • Secure the agent execution surface. Partner with Engineering and Product to establish robust security architecture for our AI-driven workflows, ensuring strict data privacy, mitigating AI-specific vulnerabilities, and maintaining safe agentic identity.
  • Drive customer trust. Partner with go-to-market and legal teams to support compliance and customer-driven initiatives. Own and expand our compliance roadmap (SOC 2, SOC 1, ISO 27001), while keeping guardrails pragmatic for a fast-paced startup.
  • Lead incident response and detection. Build the detection pipeline, act as the primary commander, and turn every event into systemic improvements.

What you'll bring

  • 5+ years in progressive security roles, with at least 2+ years at a B2B tech, fintech, or highly regulated SaaS company.
  • Strong fundamentals in secure SDLC, cloud security (AWS/GCP), Web security, and DevSecOps practices.
  • Ability to develop lightweight, durable security policies, access controls, and data governance frameworks. A track record of building "practical security, not checkbox theater."
  • You can review a penetration test, debate architecture with a lead engineer, and present to a bank's CISO…all in the same day.
  • You’re comfortable with incident response - calm, methodical, and effective under pressure; experience leading incidents end to end & driving the fixes that follow.
  • You thrive in ambiguity, know how to ruthlessly prioritize fixes to eliminate the highest risks first, and understand the balance between security and business velocity.

Nice to have

  • Experience securing LLM usage for both coding and in product use cases, and mitigating risks specific to agentic systems (e.g., unauthorized actions taken by autonomous agents, prompt injection, and data poisoning).
  • Proven track record of owning SOC 2 Type II and/or ISO 27001 compliance.
  • Experience in fintech or banking.

Skills

Secure SdlcCloud SecurityAWSGCPWeb SecurityDevSecOpsApplication SecurityIdentity And Access ManagementThreat DetectionIncident ResponseSOC 2ISO 27001Penetration TestingData Governance
Tatari

Head of Security

TatariNew York, NY +2

Lead security engineering team and roadmap for a late-stage AdTech SaaS company. Own incident response, risk management, AWS/K8s security, and compliance programs including SOC 2.

200k – 250k/yr
Hybrid7+ YOESecurity Engineering
Greenboard

Head of Technical Security

GreenboardNew York, NY

Leads technical security, compliance (SOC 2, GDPR, ISO 42001), vulnerability management, and infrastructure hardening for a fast-growing fintech. Requires 3-7 years in security engineering with hands-on AWS, vuln tooling, and audit experience.

185k – 300k/yr
On-siteSecurity Engineering
GameChanger

Director, Information Security & Technology

GameChangerNew York, NY

Lead GameChanger's Information Security and IT Operations as Director. Own multi-year security strategy, lead multidisciplinary teams across product security, cloud/AI security, SecOps, GRC, and internal tech support. Partner with executive leadership and parent company DSG while building security culture. Requires 10+ years security experience including people management.

220k – 240k/yr
Remote10+ YOESecurity Engineering
Huntress

Director, Detection Engineering & Threat Hunting

HuntressUnited States

Strategic leader to own Detection Engineering & Threat Hunting function, managing managers and aligning defensive strategy with company goals. Requires 5+ years cybersecurity experience with manager-of-managers background.

220k – 240k/yr
Remote5+ YOESecurity Engineering
NexHealth

Head of IT & Security

NexHealthSeattle, WA +1

Lead NexHealth's security governance, compliance, IT operations, and incident response. Build and scale the security program and team from the ground up while partnering with engineering and leadership.

175k – 220k/yr
On-site8+ YOESecurity Engineering