Head of Information Security (APAC)

Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more. Our recent Series D funding round brought our total investment to over $320 million, fueling our ambitious vision.

Amongst our subsidiaries, Alpaca is a licensed financial services company, serving hundreds of financial institutions across 40 countries with our institutional-grade APIs. This includes broker-dealers, investment advisors, wealth managers, hedge funds, and crypto exchanges, totalling over 9 million brokerage accounts.

Our global team is a diverse group of experienced engineers, traders, and brokerage professionals who are working to achieve our mission of opening financial services to everyone on the planet. We're deeply committed to open-source contributions and fostering a vibrant community, continuously enhancing our award-winning, developer-friendly API and the robust infrastructure behind it.

Alpaca is proudly backed by top-tier global investors, including Portage Ventures, Spark Capital, Tribe Capital, Social Leverage, Horizons Ventures, Unbound, SBI Group, Derayah Financial, Elefund, and Y Combinator.

We're a dynamic team of 230+ globally distributed members who thrive working from our favorite places around the world, with teammates spanning the USA, Canada, Japan, Hungary, Nigeria, Brazil, the UK, and beyond!

We're searching for passionate individuals eager to contribute to Alpaca's rapid growth. If you align with our core values—Stay Curious, Have Empathy, and Be Accountable—and are ready to make a significant impact, we encourage you to apply.

Your Role:

Reporting to the Global CISO, the Head of Information Security (APAC) drives Alpaca's regional security, risk, and compliance, focusing on APAC regulations (APPI, FSA, MAS). 

You will be the regional security authority, collaborating with global teams (Security, Engineering, Legal, Compliance, Product) to align infrastructure, the trading platform, and internal systems with both global standards and local regulatory needs. 

This role merges security engineering, local compliance, risk management, and stakeholder engagement. You translate regional regulatory requirements into actionable security controls, ensuring a secure, scalable, and compliant platform. You will also be the main contact for regulators, auditors, and local stakeholders, enabling confident operations in highly regulated financial markets.

Regional Security & Compliance Leadership

• Manage Alpaca’s APAC information security program
• Interpret and implement local regulatory requirements into security controls
• Serve as the APAC security compliance and regulatory expert
• Ensure alignment with Global Security, Legal, and Compliance on financial services and data protection regulations

Security Risk Management

• Lead risk identification, assessment, and mitigation for cloud infrastructure, APIs, and trading systems
• Manage and evolve regional risk registers, reporting, and governance
• Ensure adherence to global frameworks (ISO 27001, SOC 2, CSA STAR)

Cloud & Platform Security Collaboration

• Partner with Engineering for secure-by-design, cloud-native infrastructure
• Provide guidance on IAM, Network security architecture, Secure SDLC, Infrastructure hardening/monitoring
• Review architecture to embed security and compliance early

Regulatory Audits & External Engagement

• Lead and support regulatory exams, audits, and assessments
• Act as the primary liaison for Regulators, external auditors, and local compliance partners
• Report findings to the global security team and assist with triage and mitigation

Policy, Governance & Controls

• Develop and maintain regional security policies, standards, and procedures as required
• Localize global policies for APAC regulatory environments
• Drive control implementation and testing across security and compliance frameworks

• 6+ years of experience in information security, cybersecurity, or GRC, preferably in fintech or financial services
• Fluent in Japanese and English (written and verbal)
• An excellent understanding of cloud security, application and infrastructure security, and risk management frameworks
• Experience with security and compliance frameworks (ISO 27001, SOC 2, etc.)
• Direct experience working with or supporting regulatory requirements in Japan (e.g. APPI / FSA) and/or APAC
• Proven experience handling audits, regulatory exams, or compliance programs
• Ability to work cross-functionally with engineering, product, and compliance teams
• Strong communication skills, with the ability to translate technical risks into business impact

• Experience in brokerage, trading platforms, or financial infrastructure
• Experience with data privacy regulations (APPI, GDPR, etc.)
• Security certifications (e.g. CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor)
• Experience building or scaling regional security programs
• Exposure to DevSecOps practices and modern cloud-native architectures
• Familiarity with AI/ML risk considerations in financial systems

• Competitive Salary & Stock Options
• Health Benefits
• New Hire Home-Office Setup: One-time USD $500
• Monthly Stipend: USD $150 per month via a Brex Card

Alpaca is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.

Recruitment Privacy Policy