Head Of Information Security (Apac)

Reporting to the Global CISO, the Head of Information Security (APAC) drives Alpaca's regional security, risk, and compliance, focusing on APAC regulations (APPI, FSA, MAS).
You will be the regional security authority, collaborating with global teams (Security, Engineering, Legal, Compliance, Product) to align infrastructure, the trading platform, and internal systems with both global standards and local regulatory needs.
This role merges security engineering, local compliance, risk management, and stakeholder engagement.
You translate regional regulatory requirements into actionable security controls, ensuring a secure, scalable, and compliant platform.
You will also be the main contact for regulators, auditors, and local stakeholders, enabling confident operations in highly regulated financial markets.
Things You Get To Do:
Regional Security & Compliance Leadership
Manage Alpaca's APAC information security program
Interpret and implement local regulatory requirements into security controls
Serve as the APAC security compliance and regulatory expert
Ensure alignment with Global Security, Legal, and Compliance on financial services and data protection regulations
Security Risk Management
Lead risk identification, assessment, and mitigation for cloud infrastructure, APIs, and trading systems
Manage and evolve regional risk registers, reporting, and governance
Ensure adherence to global frameworks (ISO *****, SOC 2, CSA STAR)
Cloud & Platform Security Collaboration
Partner with Engineering for secure‐by‐design, cloud‐native infrastructure
Provide guidance on IAM, Network security architecture, Secure SDLC, Infrastructure hardening/monitoring
Review architecture to embed security and compliance early
Regulatory Audits & External Engagement
Lead and support regulatory exams, audits, and assessments
Act as the primary liaison for Regulators, external auditors, and local compliance partners
Report findings to the global security team and assist with triage and mitigation
Policy, Governance & Controls
Develop and maintain regional security policies, standards, and procedures as required
Localize global policies for APAC regulatory environments
Drive control implementation and testing across security and compliance frameworks
Who You Are (Must‐Haves):
6+ years of experience in information security, cybersecurity, or GRC, preferably in fintech or financial services
Fluent in Japanese and English (written and verbal)
An excellent understanding of cloud security, application and infrastructure security, and risk management frameworks
Experience with security and compliance frameworks (ISO *****, SOC 2, etc.)
Direct experience working with or supporting regulatory requirements in Japan (e.g. APPI / FSA) and/or APAC
Proven experience handling audits, regulatory exams, or compliance programs
Ability to work cross-functionally with engineering, product, and compliance teams
Strong communication skills, with the ability to translate technical risks into business impact
Who You Might Be (Nice‐to‐Haves):
Experience in brokerage, trading platforms, or financial infrastructure
Experience with data privacy regulations (APPI, GDPR, etc.)
Security certifications (e.g. CISSP, CISM, CRISC, ISO ***** Lead Implementer/Auditor)
Experience building or scaling regional security programs
Exposure to DevSecOps practices and modern cloud‐native architectures
Familiarity with AI/ML risk considerations in financial systems
How We Take Care of You:
Competitive Salary & Stock Options
Health Benefits
New Hire Home‐Office Setup: One‐time USD $500
Monthly Stipend: USD $150 per month via a Brex Card
Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.
#J-*****-Ljbffr