Governance and Security Engineer

Security APAC (Hong Kong or Singapore) Hybrid / Remote

Governance & Security Engineer

Reinvent finance with Reap. We're building resilient, compliant, and secure infrastructure for global money movement. As our Governance & Security Engineer, you'll bridge ICT governance and handson security operations-standing up controls and practices aligned to DORA while keeping our systems hardened day to day. You'll help define the playbook, tune the tools, and raise the bar on operational resilience across the company.

Security at Reap

At Reap, security is how we earn trust. We merge traditional finance with digital assets, so our standards must be clear, auditable, and resilient by design. You will help operationalize DORA, ISO 27001, and our ICT risk framework-from policy and control design to realtime operations-so teams can ship quickly without compromising safety.

What you'll doGovernance and compliance

• Implement and mature our ICT Risk Management Framework aligned with DORA, ISO 27001, and NIST CSF.
• Maintain policies, standards, and procedures; ensure consistent adoption across cloud, onprem, and vendors.
• Contribute to control testing plans, RCSA updates, and risk registers; support control attestation and boardlevel reporting.
• Support vendor risk management and outsourcing oversight in line with DORA Article 30.
• Coordinate periodic selfassessments and independent audits (internal, external, and regulatordriven).

Security operations

• Operate and tune EDR platforms such as SentinelOne or CrowdStrike.
• Drive configuration baselines, patch compliance, and vulnerability remediation tracking.
• Support detection, triage, escalation, and postincident reviews in line with DORA Article 17.
• Maintain logs, alerts, and metrics across SIEM, MDM, and security tooling; contribute to playbooks and runbooks.
• Participate in penetration testing and prioritize remediation with engineering teams.

Access, identity, and data protection

• Manage SSO and the user lifecycle across cloud platforms and SaaS tools.
• Enforce MFA, least privilege, and periodic access reviews.
• Support encryption controls, secure configurations, and data protection measures.

Operational resilience

• Maintain MDM/DR processes that support ICT service continuity per DORA Article 28.
• Run resilience testing, scenario simulations, and disaster recovery exercises.
• Define and document RTOs and RPOs; maintain asset inventories and dependency maps to critical business functions.

Awareness and continuous improvement

• Deliver security awareness sessions and contribute to companywide communications.
• Track and report metrics on incidents, vulnerabilities, access reviews, and training effectiveness.
• Feed lessons learned into control improvements and operating procedures.

About youGovernance and compliance

• Experience building or maintaining information security management systems.
• Strong understanding of regulatory expectations under DORA, GDPR, and MiCAR.
• Skilled in policy drafting, governance documentation, and control monitoring.

Technical and operational security

• Proficient with modern EDR platforms (SentinelOne, CrowdStrike).
• Handson with network security, vulnerability management, and secure configurations.
• Familiar with AWS and cloud hardening practices.
• Working knowledge of SIEM operations, MDM/DR, patch management, and integrating security tooling.

How you work

• Excellent communicator who partners across IT, Engineering, Risk, and Compliance.
• Comfortable operating in a fastpaced, crossfunctional environment.
• Strong analytical and documentation skills that support audit readiness.

RequirementsEssential

• 4+ years in Information Security or ICT Governance.
• Strong technical knowledge of endpoint protection, access management, and network controls.
• Experience supporting ISO 27001, SOC 2, or equivalent frameworks.
• Familiarity with DORA Articles 5-8 and 28-30 or comparable regulatory frameworks.
• Ability to draft and maintain policies, standards, registers, and control evidence.
• Practical experience operating EDR, MDM, SSO, and vulnerability management tools.

Preferred

• Experience in fintech, crypto, or regulated financial services.
• Knowledge of AWS or other cloud environments.
• Recognized certifications such as CompTIA Security+, ISO 27001 Lead Implementer, or Google Cybersecurity.
• Experience preparing materials for board or regulator reporting.

What this role offers

• A chance to build a DORAaligned ICT governance and security capability from the ground up.
• Exposure to both regulatory frameworks and advanced technical controls.
• Growth pathways toward Governance Manager or Security Architect.
• Direct collaboration with the CISO, CIO, and Compliance on enterprise resilience.

About Reap

Reap is a leading global payment technology provider that enables financial connectivity and access for businesses worldwide. By merging traditional finance with digital assets, bridging disparate economies, and connecting key financial players, we are transforming the financial landscape into a more interconnected and interoperable space for efficient money movement.

With stablecoinenabled corporate cards, payout solutions, and expense management tools, we streamline financial operations and empower businesses to scale. Our APIs enable businesses to embed finance into their own products and services, from issuing Visa cards to facilitating crossborder payments.

Reap is supported by a strong network of investors, including Acorn Pacific Ventures, Arcadia Funds, HashKey Capital, Hustle Fund, Fresco Capital, Abacus Ventures, and Payment Asia.

Founded in 2018. Coworkers 300+