Head of Security & Compliance

Casca
San Francisco, US
On-site

Who this role is best for

Best suited to mid-level security professionals with fintech experience who thrive in high-intensity startup environments and can balance security with business velocity.

Best fit for

  • Candidates with hands-on experience securing AI-driven workflows.
    — “mitigating risks specific to agentic systems
  • Professionals comfortable mentoring teams while handling incident response.
    — “calm, methodical, and effective under pressure

Things to consider

  • Expect high-intensity weeks with extended hours during launches.
    — “many weeks will demand extra focus
  • Role requires balancing security rigor with startup pace.
    — “balance between security and business velocity

How to stand out

  • Showcase specific examples of lightweight security policies you've implemented.
    — “develop lightweight, durable security policies
  • Highlight experience with SOC 2 Type II or ISO 27001 compliance.
    — “Proven track record of owning SOC 2 Type II
  • Demonstrate how you've secured LLM usage in past roles.
    — “Experience securing LLM usage for both coding
Pace · Fast PacedCollaboration · HighAutonomy · HighDecision Impact · CompanyLevel · Lead

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • secure AI-driven workflows
  • drive customer trust
  • expand compliance roadmap
Typical background
security rolesfintech

Skills & requirements

Required

Security ToolingCloud SecuritySecure SDLCIncident ResponseCompliance

Preferred

AI SecurityFintech

Stack & domain

SecurityComplianceCloud SecurityDevSecOpsAILeadershipCommunicationTeam ManagementFintechBanking

About the role

Original posting from Casca via Ashby

WHY CASCA?

Casca is building AGI for banking. We’re replacing decades-old legacy systems with AI-native technology that automates 90% of the manual work humans once had to do.

WHAT YOU'LL DO:

  • Build security tooling & processes that engineers actually use. Create internal mechanisms for appsec, identity and access management, and threat detection that naturally integrate into how the team ships.
  • Manage, mentor, and grow our team of application security engineers. Mature our Secure SDLC, threat modeling, and vulnerability management processes to ensure our security posture matches our growing responsibility..
  • Secure the agent execution surface. Partner with Engineering and Product to establish robust security architecture for our AI-driven workflows, ensuring strict data privacy, mitigating AI-specific vulnerabilities, and maintaining safe agentic identity.
  • Drive customer trust. Partner with go-to-market and legal teams to support compliance and customer-driven initiatives. Own and expand our compliance roadmap (SOC 2, SOC 1, ISO 27001), while keeping guardrails pragmatic for a fast-paced startup.
  • Lead incident response and detection. Build the detection pipeline, act as the primary commander, and turn every event into systemic improvements.

WHAT YOU'LL BRING:

  • 5+ years in progressive security roles, with at least 2+ years at a B2B tech, fintech, or highly regulated SaaS company.
  • Strong fundamentals in secure SDLC, cloud security (AWS/GCP), Web security, and DevSecOps practices.
  • Ability to develop lightweight, durable security policies, access controls, and data governance frameworks. A track record of building "practical security, not checkbox theater."
  • Nice to have: Experience securing LLM usage for both coding and in product use cases, and mitigating risks specific to agentic systems (e.g., unauthorized actions taken by autonomous agents, prompt injection, and data poisoning)
  • Proven track record of owning SOC 2 Type II and/or ISO 27001 compliance.
  • You can review a penetration test, debate architecture with a lead engineer, and present to a bank's CISO…all in the same day
  • You’re comfortable with incident response - calm, methodical, and effective under pressure; experience leading incidents end to end & driving the fixes that follow.
  • You thrive in ambiguity, know how to ruthlessly prioritize fixes to eliminate the highest risks first, and understand the balance between security and business velocity.
  • Experience in fintech or banking

WHAT YOU'LL GET:

  • Impact & Ownership: A unique opportunity to shape the future of banking through AI, owning end-to-end product initiatives.
  • Collaborative Environment: Work alongside a talented and passionate team that values continuous improvement and knowledge sharing.
  • Competitive Compensation: Includes salary, benefits, and potential equity in a fast-growing startup.
  • Professional Growth: Access to resources and mentorship to expand your skill set, influence strategy, and accelerate your career.
  • Culture of Innovation: We encourage risk-taking, learning from failures, and pushing the boundaries of what’s possible in fintech.

As an early-stage company building at the frontier of AI, we work with high intensity and commitment. While schedules can vary by role/team, many weeks will demand extra focus, flexibility and time particularly during major launches and high impact sprints. We're seeking those who are aligned to and able to commit to that expectation.

Source: Casca careers (Ashby)

Similar roles