Head of Information Security (APAC)

Alpaca is a U.S.‑headquartered, self‑clearing broker‑dealer and brokerage infrastructure provider for stocks, ETFs, options, crypto, fixed income, and 24/5 trading. Our recent Series D round brought our total investment to over $320 million, fueling an ambitious vision to open financial services to everyone on the planet. Alpaca is a licensed financial services company serving hundreds of institutions across 40 countries with institutional‑grade APIs, broker‑dealers, investment advisors, wealth managers, hedge funds, and crypto exchanges—over 9 million brokerage accounts in total. We are a global team of 380+ distributed members who thrive working from the world’s most innovative locations and who are committed to open‑source contributions and community building. Your Role Reporting to the Global CISO, the Head of Information Security (APAC) will drive the regional security, risk and compliance organization, focusing on APAC regulations (APPI, FSA, MAS). You will serve as the regional security authority, collaborating across global teams (Security, Engineering, Legal, Compliance, Product) to align the trading platform, internal systems and infrastructure with both global standards and local regulatory needs. Things You Get To Do Regional Security & Compliance Leadership Manage Alpaca’s APAC information security program Interpret and implement local regulatory requirements into security controls Serve as the APAC security compliance and regulatory expert Ensure alignment with Global Security, Legal, and Compliance on financial services and data protection regulations Security Risk Management Lead risk identification, assessment and mitigation for cloud infrastructure, APIs and trading systems Maintain and evolve regional risk registers, reporting and governance Ensure adherence to global frameworks (ISO 27001, SOC 2, CSA STAR) Cloud & Platform Security Collaboration Partner with Engineering for secure‑by‑design, cloud‑native infrastructure Provide guidance on IAM, network security architecture, secure SDLC and infrastructure hardening/monitoring Review architecture to embed security and compliance early Regulatory Audits & External Engagement Lead and support regulatory exams, audits and assessments Act as the primary liaison for regulators, external auditors and local compliance partners Report findings to the global security team and assist with triage and mitigation Policy, Governance & Controls Develop and maintain regional security policies, standards and procedures as required Localize global policies for APAC regulatory environments Drive control implementation and testing across security and compliance frameworks Who You Are (Must‑Haves) 6+ years of experience in information security, cybersecurity or GRC, preferably in fintech or financial services Fluent in Japanese and English (written and verbal) Excellent understanding of cloud security, application and infrastructure security and risk management frameworks Experience with security and compliance frameworks (ISO 27001, SOC 2, etc.) Direct experience with regulatory requirements in Japan (e.g. APPI / FSA) and/or APAC Proven experience handling audits, regulatory exams or compliance programs Ability to work cross‑functionally with engineering, product and compliance teams Strong communication skills, translating technical risks into business impact Who You Might Be (Nice‑to‑Haves) Experience in brokerage, trading platforms or financial infrastructure Experience with data privacy regulations (APPI, GDPR, etc.) Security certifications (e.g. CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor) Experience building or scaling regional security programs Exposure to DevSecOps practices and modern cloud‑native architectures Familiarity with AI/ML risk considerations in financial systems How We Take Care of You Competitive Salary & Stock Options New‑Hire Home‑Office Setup: One‑time USD $500 Monthly Stipend: USD $150 per month via a Brex Card Alpaca is proud to be an equal‑opportunity workplace dedicated to pursuing and hiring a diverse workforce. #J-18808-Ljbffr