Head of Information Security (APAC)

Alpaca is a U.S.‑headquartered, self‑clearing broker‑dealer and brokerage infrastructure provider for stocks, ETFs, options, crypto, fixed income, and 24/5 trading. Our recent Series D round brought our total investment to over $320 million, fueling an ambitious vision to open financial services to everyone on the planet.Alpaca is a licensed financial services company serving hundreds of institutions across 40 countries with institutional‑grade APIs, broker‑dealers, investment advisors, wealth managers, hedge funds, and crypto exchanges—over 9 million brokerage accounts in total.We are a global team of 380+ distributed members who thrive working from the world’s most innovative locations and who are committed to open‑source contributions and community building.Your Role Reporting to the Global CISO, the Head of Information Security (APAC) will drive the regional security, risk and compliance organization, focusing on APAC regulations (APPI, FSA, MAS). You will serve as the regional security authority, collaborating across global teams (Security, Engineering, Legal, Compliance, Product) to align the trading platform, internal systems and infrastructure with both global standards and local regulatory needs.Things You Get To Do Regional Security & Compliance LeadershipManage Alpaca’s APAC information security programInterpret and implement local regulatory requirements into security controlsServe as the APAC security compliance and regulatory expertEnsure alignment with Global Security, Legal, and Compliance on financial services and data protection regulationsSecurity Risk ManagementLead risk identification, assessment and mitigation for cloud infrastructure, APIs and trading systemsMaintain and evolve regional risk registers, reporting and governanceEnsure adherence to global frameworks (ISO 27001, SOC 2, CSA STAR)Cloud & Platform Security CollaborationPartner with Engineering for secure‑by‑design, cloud‑native infrastructureProvide guidance on IAM, network security architecture, secure SDLC and infrastructure hardening/monitoringReview architecture to embed security and compliance earlyRegulatory Audits & External EngagementLead and support regulatory exams, audits and assessmentsAct as the primary liaison for regulators, external auditors and local compliance partnersReport findings to the global security team and assist with triage and mitigationPolicy, Governance & ControlsDevelop and maintain regional security policies, standards and procedures as requiredLocalize global policies for APAC regulatory environmentsDrive control implementation and testing across security and compliance frameworksWho You Are (Must‑Haves)6+ years of experience in information security, cybersecurity or GRC, preferably in fintech or financial servicesFluent in Japanese and English (written and verbal)Excellent understanding of cloud security, application and infrastructure security and risk management frameworksExperience with security and compliance frameworks (ISO 27001, SOC 2, etc.)Direct experience with regulatory requirements in Japan (e.g. APPI / FSA) and/or APACProven experience handling audits, regulatory exams or compliance programsAbility to work cross‑functionally with engineering, product and compliance teamsStrong communication skills, translating technical risks into business impactWho You Might Be (Nice‑to‑Haves)Experience in brokerage, trading platforms or financial infrastructureExperience with data privacy regulations (APPI, GDPR, etc.)Security certifications (e.g. CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor)Experience building or scaling regional security programsExposure to DevSecOps practices and modern cloud‑native architecturesFamiliarity with AI/ML risk considerations in financial systemsHow We Take Care of YouCompetitive Salary & Stock OptionsNew‑Hire Home‑Office Setup: One‑time USD $500Monthly Stipend: USD $150 per month via a Brex CardAlpaca is proud to be an equal‑opportunity workplace dedicated to pursuing and hiring a diverse workforce.#J-18808-Ljbffr