Head of Information Security; APAC

Alpaca is a U.S.‑headquartered, self‑clearing broker‑dealer and brokerage infrastructure provider for stocks, ETFs, options, crypto, fixed income, and 24/5 trading. Our recent Series D round brought our total investment to over $320 million, fueling an ambitious vision to open financial services to everyone on the planet.

Alpaca is a licensed financial services company serving hundreds of institutions across 40 countries with institutional‑grade APIs, broker‑dealers, investment advisors, wealth managers, hedge funds, and crypto exchanges—over 9 million brokerage accounts in total.

We are a global team of 380+ distributed members who thrive working from the world’s most innovative locations and who are committed to open‑source contributions and community building.

Reporting to the Global CISO, the Head of Information Security (APAC) will drive the regional security, risk and compliance organization, focusing on APAC regulations (APPI, FSA, MAS). You will serve as the regional security authority, collaborating across global teams (Security, Engineering, Legal, Compliance, Product) to align the trading platform, internal systems and infrastructure with both global standards and local regulatory needs.

• Manage Alpaca’s APAC information security program
• Interpret and implement local regulatory requirements into security controls
• Serve as the APAC security compliance and regulatory expert
• Ensure alignment with Global Security, Legal, and Compliance on financial services and data protection regulations

• Lead risk identification, assessment and mitigation for cloud infrastructure, APIs and trading systems
• Maintain and evolve regional risk registers, reporting and governance
• Ensure adherence to global frameworks (ISO 27001, SOC 2, CSA STAR)

• Partner with Engineering for secure‑by‑design, cloud‑native infrastructure
• Provide guidance on IAM, network security architecture, secure SDLC and infrastructure hardening/monitoring
• Review architecture to embed security and compliance early

• Lead and support regulatory exams, audits and assessments
• Act as the primary liaison for regulators, external auditors and local compliance partners
• Report findings to the global security team and assist with triage and mitigation

• Develop and maintain regional security policies, standards and procedures as required
• Localize global policies for APAC regulatory environments
• Drive control implementation and testing across security and compliance frameworks

• 6+ years of experience in information security, cybersecurity or GRC, preferably in fintech or financial services
• Fluent in Japanese and English (written and verbal)
• Excellent understanding of cloud security, application and infrastructure security and risk management frameworks
• Experience with security and compliance frameworks (ISO 27001, SOC 2, etc.)
• Direct experience with regulatory requirements in Japan (e.g. APPI / FSA) and/or APAC
• Proven experience handling audits, regulatory exams or compliance programs
• Ability to work cross‑functionally with engineering, product and compliance teams
• Strong communication skills, translating technical risks into business impact

• Experience in brokerage, trading platforms or financial infrastructure
• Experience with data privacy regulations (APPI, GDPR, etc.)
• Security certifications (e.g. CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor)
• Experience building or scaling regional security programs
• Exposure to Dev Sec Ops  practices and modern cloud‑native architectures
• Familiarity with AI/ML risk considerations in financial systems

• Competitive Salary & Stock Options
• New‑Hire Home‑Office Setup:
  One‑time USD $500
• Monthly Stipend: USD $150 per month via a Brex Card

Alpaca is proud to be an equal‑opportunity workplace dedicated to pursuing and hiring a diverse workforce.