management
Posted Apr 22Head of Information Security (APAC)
at Alpaca
Remote
Responsibilities
- Manage Alpaca’s APAC information security program
- Ensure alignment with Global Security, Legal, and Compliance on financial services and data protection regulations
- Lead risk identification, assessment, and mitigation for cloud infrastructure, APIs, and trading systems
- Manage and evolve regional risk registers, reporting, and governance
- Ensure adherence to global frameworks (ISO 27001, SOC 2, CSA STAR)
- Review architecture to embed security and compliance early
- Lead and support regulatory exams, audits, and assessments
- Report findings to the global security team and assist with triage and mitigation
- Develop and maintain regional security policies, standards, and procedures as required
- Drive control implementation and testing across security and compliance frameworks
Requirements
- We're deeply committed to open-source contributions and fostering a vibrant community, continuously enhancing our award-winning, developer-friendly API and the robust infrastructure behind it.
- experience in information security, cybersecurity, or GRC, preferably in fintech or financial services
- An excellent understanding of cloud security, application and infrastructure security, and risk management frameworks •
- Experience with security and compliance frameworks (ISO 27001, SOC 2, etc.) Direct
- experience working with or supporting regulatory
- requirements in Japan (e.g. APPI / FSA) and/or APAC Proven
- Ability to work cross-functionally with engineering, product, and compliance teams
- Experience in brokerage, trading platforms, or financial infrastructure •
- Security certifications (e.g. CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor) •
- Exposure to DevSecOps practices and modern cloud-native architectures
- Familiarity with AI/ML risk considerations in financial systems How We Take Care of You:
Experience
- Who You Are (Must-Haves): 6+ years of
Benefits
- Our recent Series D funding round brought our total investment to over $320 million, fueling our ambitious vision.
- Competitive Salary & Stock Options Health Benefits
- New Hire Home-Office Setup: One-time USD $500
- Monthly Stipend: USD $150 per month via a Brex Card
Additional details
- Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more.
- Amongst our subsidiaries, Alpaca is a licensed financial services company, serving hundreds of financial institutions across 40 countries with our institutional-grade APIs.
- This includes broker-dealers, investment advisors, wealth managers, hedge funds, and crypto exchanges, totalling over 9 million brokerage accounts.
- Our global team is a diverse group of experienced engineers, traders, and brokerage professionals who are working to achieve our mission of opening financial services to everyone on the planet .
- Alpaca is proudly backed by top-tier global investors, including Portage Ventures, Spark Capital, Tribe Capital, Social Leverage, Horizons Ventures, Unbound, SBI Group, Derayah Financial, Elefund, and Y Combinator. Our Team Members:
- We're a dynamic team of 380+ globally distributed members who thrive working from our favorite places around the world, with teammates spanning the USA, Canada, Japan, Hungary, Nigeria, Brazil, the UK, and beyond!
- We're searching for passionate individuals eager to contribute to Alpaca's rapid growth.
- If you align with our core values—Stay Curious, Have Empathy, and Be Accountable—and are ready to make a significant impact, we encourage you to apply. Your Role:
- Reporting to the Global CISO, the Head of Information Security (APAC) drives Alpaca's regional security, risk, and compliance, focusing on APAC regulations (APPI, FSA, MAS).
- You will be the regional security authority, collaborating with global teams (Security, Engineering, Legal, Compliance, Product) to align infrastructure, the trading platform, and internal systems with both global standards and local regulatory needs.