Cyber Security Director

12-14 Years
  • Posted 11 hours ago

Job Description

About Us

We're a fast-growing payments and wealth fintech hiring a Head of Infrastructure to lead our multi-cloud environment across AWS and Oracle Cloud Infrastructure (OCI).

In this role, you will define our infrastructure architecture, drive long-term planning and roadmaps, and oversee implementation, reliability engineering, testing, and day-to-day operations. You will champion an automation-first culture where Infrastructure as Code (IaC) and programmatic operations are the default.

You'll ensure our platforms are secure, resilient, compliant, cost-efficient, and fully observable, supporting always-on payments with clear SLOs and a strong incident response posture.

Brief summary of the role and its purpose:

Lead the security engineering, security operations, and technology risk functions. Define and execute the cyber defense strategy, ensuring all controls meet or exceed regulatory requirements (e.g., MAS TRM, HKMA Technology Risk, PDPA, GDPR). Drive compliance initiatives and certification programs, including SOC 2 and PCI DSS.

Key responsibilities

  • Lead Security Architecture & Engineering: Define security reference architecture, IAM strategy, application and data security controls, and detection engineering standards across cloud and enterprise environments.
  • Oversee Security Operations & Incident Response: Manage MDR services, threat intelligence, vulnerability management, and red/purple team exercises to strengthen detection and response capabilities.
  • Drive Risk, Compliance & Governance: Maintain policy frameworks, ensure regulatory and industry compliance (MAS TRM, HKMA, PDPA, GDPR, ISO 27001, SOC 2, PCI-DSS), and manage audits and third-party risk.
  • Set Strategy & Executive Reporting: Develop multi-year security roadmap, optimize tooling and vendor portfolio, secure resources, and deliver concise risk narratives and performance metrics to leadership.

Top 3 Required Qualifications (skills, experience, certifications):

  • 12+ years in information security with 5+ years leading multi-disciplinary teams across security engineering, operations, and GRC.
  • Proven experience in regulated financial services (banking, payments, fintech) with hands-on management of Tech Risk/Operational Resilience, and Data Privacy Compliance programs.
  • Demonstrated success implementing Zero Trust, DevSecOps, cloud security (AWS/OCI), SIEM/EDR/SOAR, IAM/PAM, DLP, and data protection controls at scale.
  • Strong incident leadership: complex investigations, crisis coordination, stakeholder communications, post-incident reviews with durable remediation.
  • Good communication skills with the ability to translate technical risk into business outcomes; excellent communication and stakeholder management.

Preferred Qualifications (nice-to-have):

  • CISSP, CISM/CCISO, CCSP
  • ISO/IEC 27001 Lead Implementer/Lead Auditor
  • SOC 2 program leadership experience
  • PCI DSS (e.g., SAQ/QSA engagement experience; CDE scoping, segmentation)
  • Certified Data Protection credentials (e.g., CIPP/E, CIPM)

More Info


Job ID: 143363507