Head of Information Security (APAC) at Alpaca
Remote - APACFull-timeRemoteInfo SecurityPosted about 2 months ago
Apply with PipelineAbout the Role
<div class="content-intro"><p><strong>Who We Are:</strong></p>
<p>Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more. Our <a href="https://alpaca.markets/blog/alpaca-raises-150-million-at-a-1-15b-valuation-to-build-the-global-standard-for-brokerage-infrastructure/">recent Series D funding round</a> brought our total investment to over $320 million, fueling our ambitious vision.</p>
<p>Amongst our subsidiaries, Alpaca is a licensed financial services company, serving hundreds of financial institutions across 40 countries with our institutional-grade APIs. This includes broker-dealers, investment advisors, wealth managers, hedge funds, and crypto exchanges, totalling over 9 million brokerage accounts.</p>
<p>Our global team is a diverse group of experienced engineers, traders, and brokerage professionals who are working to achieve our mission of <strong>opening financial services to everyone on the planet</strong>. We're deeply committed to open-source contributions and fostering a vibrant community, continuously enhancing our award-winning, developer-friendly API and the robust infrastructure behind it.</p>
<p>Alpaca is proudly backed by top-tier global investors, including Portage Ventures, Spark Capital, Tribe Capital, Social Leverage, Horizons Ventures, Unbound, SBI Group, Derayah Financial, Elefund, and Y Combinator.</p>
<p> </p>
<p><strong>Our Team Members:</strong></p>
<p>We're a dynamic team of 380+ globally distributed members who thrive working from our favorite places around the world, with teammates spanning the USA, Canada, Japan, Hungary, Nigeria, Brazil, the UK, and beyond!<br><br>We're searching for passionate individuals eager to contribute to Alpaca's rapid growth. If you align with our core values—Stay Curious, Have Empathy, and Be Accountable—and are ready to make a significant impact, we encourage you to apply.</p></div><p><span style="font-size: 12pt;"><strong>Your Role:</strong></span></p>
<p><span style="font-size: 12pt;">Reporting to the Global CISO, the Head of Information Security (APAC) drives Alpaca's regional security, risk, and compliance, focusing on APAC regulations (APPI, FSA, MAS). </span></p>
<p><span style="font-size: 12pt;">You will be the regional security authority, collaborating with global teams (Security, Engineering, Legal, Compliance, Product) to align infrastructure, the trading platform, and internal systems with both global standards and local regulatory needs. </span></p>
<p><span style="font-size: 12pt;">This role merges security engineering, local compliance, risk management, and stakeholder engagement. You translate regional regulatory requirements into actionable security controls, ensuring a secure, scalable, and compliant platform. You will also be the main contact for regulators, auditors, and local stakeholders, enabling confident operations in highly regulated financial markets.</span></p>
<h3><span style="font-size: 12pt;"><strong>Things You Get To Do:</strong></span></h3>
<p><span style="font-size: 12pt;"><strong>Regional Security & Compliance Leadership</strong></span></p>
<ul>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Manage Alpaca’s APAC information security program</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Interpret and implement local regulatory requirements into security controls</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Serve as the APAC security compliance and regulatory expert</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Ensure alignment with Global Security, Legal, and Compliance on financial services and data protection regulations</span></li>
</ul>
<p><span style="font-size: 12pt;"><strong>Security Risk Management</strong></span></p>
<ul>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Lead risk identification, assessment, and mitigation for cloud infrastructure, APIs, and trading systems</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Manage and evolve regional risk registers, reporting, and governance</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Ensure adherence to global frameworks (ISO 27001, SOC 2, CSA STAR)</span></li>
</ul>
<p><span style="font-size: 12pt;"><strong>Cloud & Platform Security Collaboration</strong></span></p>
<ul>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Partner with Engineering for secure-by-design, cloud-native infrastructure</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Provide guidance on IAM, Network security architecture, Secure SDLC, Infrastructure hardening/monitoring</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Review architecture to embed security and compliance early</span></li>
</ul>
<p><span style="font-size: 12pt;"><strong>Regulatory Audits & External Engagement</strong></span></p>
<ul>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Lead and support regulatory exams, audits, and assessments</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Act as the primary liaison for Regulators, external auditors, and local compliance partners</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Report findings to the global security team and assist with triage and mitigation</span></li>
</ul>
<p><span style="font-size: 12pt;"><strong>Policy, Governance & Controls</strong></span></p>
<ul>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Develop and maintain regional security policies, standards, and procedures as required</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Localize global policies for APAC regulatory environments</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Drive control implementation and testing across security and compliance frameworks</span></li>
</ul>
<p> </p>
<h3><span style="font-size: 12pt;"><strong>Who You Are (Must-Haves):</strong></span></h3>
<ul>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">6+ years of experience in information security, cybersecurity, or GRC, preferably in fintech or financial services</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Fluent in Japanese and English (written and verbal)</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">An excellent understanding of cloud security, application and infrastructure security, and risk management frameworks</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience with security and compliance frameworks (ISO 27001, SOC 2, etc.)</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Direct experience working with or supporting regulatory requirements in Japan (e.g. APPI / FSA) and/or APAC</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Proven experience handling audits, regulatory exams, or compliance programs</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Ability to work cross-functionally with engineering, product, and compliance teams</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Strong communication skills, with the ability to translate technical risks into business impact</span></li>
</ul>
<h3><span style="font-size: 12pt;"><strong>Who You Might Be (Nice-to-Haves):</strong></span></h3>
<ul>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience in brokerage, trading platforms, or financial infrastructure</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience with data privacy regulations (APPI, GDPR, etc.)</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Security certifications (e.g. CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor)</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Experience building or scaling regional security programs</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Exposure to DevSecOps practices and modern cloud-native architectures</span></li>
<li style="font-size: 12pt;"><span style="font-size: 12pt;">Familiarity with AI/ML risk considerations in financial systems</span></li>
</ul><div class="content-conclusion"><h3><strong>How We Take Care of You:</strong></h3>
<ul>
<li style="font-weight: 400; text-align: justify;"><span style="font-weight: 400;">Competitive Salary & Stock Options</span></li>
<li style="text-align: justify;">Health Benefits</li>
<li style="font-weight: 400; text-align: justify;"><span style="font-weight: 400;">New Hire Home-Office Setup: One-time USD $500</span></li>
<li style="font-weight: 400; text-align: justify;"><span style="font-weight: 400;">Monthly Stipend: USD $150 per month via a Brex Card</span></li>
</ul>
<p><em><span style="font-weight: 400;">Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.<br></span></em></p>
<p><span style="font-size: 8pt;"><a href="https://files.alpaca.markets/disclosures/AlpacaRecruitmentPrivacyPolicy.pdf"><em><span style="font-weight: 400;">Recruitment Privacy Policy</span></em></a></span></p></div>
Related Roles
Brokerage Operations Associate I - ACATS
Alpaca
Remote - APACRemoteDirector of Engineering, Trading
Alpaca
Remote - North AmericaRemoteCustomer Success Manager
Alpaca
Remote - North AmericaRemoteInternational Accounting Manager
Alpaca
Remote - North America RemoteSenior Frontend Engineer - Internal Tools
Alpaca
Remote - North America - EuropeRemoteSenior Software Engineer - Trading
Alpaca
Remote - AmericasRemote