Head of Information Security (APAC)

Who We Are: Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more. Our recent Series D funding round brought our total investment to over $320 million, fueling our ambitious vision. Amongst our subsidiaries, Alpaca is a licensed financial services company, serving hundreds of financial institutions across 40 countries with our institutional-grade APIs. This includes broker-dealers, investment advisors, wealth managers, hedge funds, and crypto exchanges, totalling over 9 million brokerage accounts. Our global team is a diverse group of experienced engineers, traders, and brokerage professionals who are working to achieve our mission of opening financial services to everyone on the planet . We're deeply committed to open-source contributions and fostering a vibrant community, continuously enhancing our award-winning, developer-friendly API and the robust infrastructure behind it. Alpaca is proudly backed by top-tier global investors, including Portage Ventures, Spark Capital, Tribe Capital, Social Leverage, Horizons Ventures, Unbound, SBI Group, Derayah Financial, Elefund, and Y Combinator. Our Team Members: We're a dynamic team of 230+ globally distributed members who thrive working from our favorite places around the world, with teammates spanning the USA, Canada, Japan, Hungary, Nigeria, Brazil, the UK, and beyond! We're searching for passionate individuals eager to contribute to Alpaca's rapid growth. If you align with our core values—Stay Curious, Have Empathy, and Be Accountable—and are ready to make a significant impact, we encourage you to apply. Your Role: Reporting to the Global CISO, the Head of Information Security (APAC) drives Alpaca's regional security, risk, and compliance, focusing on APAC regulations (APPI, FSA, MAS). You will be the regional security authority, collaborating with global teams (Security, Engineering, Legal, Compliance, Product) to align infrastructure, the trading platform, and internal systems with both global standards and local regulatory needs. This role merges security engineering, local compliance, risk management, and stakeholder engagement. You translate regional regulatory requirements into actionable security controls, ensuring a secure, scalable, and compliant platform. You will also be the main contact for regulators, auditors, and local stakeholders, enabling confident operations in highly regulated financial markets. Things You Get To Do: Regional Security Compliance Leadership Manage Alpaca’s APAC information security program Interpret and implement local regulatory requirements into security controls Serve as the APAC security compliance and regulatory expert Ensure alignment with Global Security, Legal, and Compliance on financial services and data protection regulations Security Risk Management Lead risk identification, assessment, and mitigation for cloud infrastructure, APIs, and trading systems Manage and evolve regional risk registers, reporting, and governance Ensure adherence to global frameworks (ISO 27001, SOC 2, CSA STAR) Cloud Platform Security Collaboration Partner with Engineering for secure-by-design, cloud-native infrastructure Provide guidance on IAM, Network security architecture, Secure SDLC, Infrastructure hardening/monitoring Review architecture to embed security and compliance early Regulatory Audits External Engagement Lead and support regulatory exams, audits, and assessments Act as the primary liaison for Regulators, external auditors, and local compliance partners Report findings to the global security team and assist with triage and mitigation Policy, Governance Controls Develop and maintain regional security policies, standards, and procedures as required Localize global policies for APAC regulatory environments Drive control implementation and testing across security and compliance frameworks Who You Are (Must-H ... (truncated, view full listing at source)