Governance and Security Engineer

Security · APAC (Hong Kong or Singapore) · Hybrid / Remote

Governance & Security Engineer 

Reinvent finance with Reap. We're building resilient, compliant, and secure infrastructure for global money movement. As our Governance & Security Engineer, you'll bridge ICT governance and hands‑on security operations-standing up controls and practices aligned to DORA while keeping our systems hardened day to day. You'll help define the playbook, tune the tools, and raise the bar on operational resilience across the company.

Security at Reap

At Reap, security is how we earn trust. We merge traditional finance with digital assets, so our standards must be clear, auditable, and resilient by design. You will help operationalize DORA, ISO 27001, and our ICT risk framework-from policy and control design to real‑time operations-so teams can ship quickly without compromising safety.

What you'll doGovernance and compliance

• Implement and mature our ICT Risk Management Framework aligned with DORA, ISO 27001, and NIST CSF.
• Maintain policies, standards, and procedures; ensure consistent adoption across cloud, on‑prem, and vendors.
• Contribute to control testing plans, RCSA updates, and risk registers; support control attestation and board‑level reporting.
• Support vendor risk management and outsourcing oversight in line with DORA Article 30.
• Coordinate periodic self‑assessments and independent audits (internal, external, and regulator‑driven).

Security operations

• Operate and tune EDR platforms such as SentinelOne or CrowdStrike.
• Drive configuration baselines, patch compliance, and vulnerability remediation tracking.
• Support detection, triage, escalation, and post‑incident reviews in line with DORA Article 17.
• Maintain logs, alerts, and metrics across SIEM, MDM, and security tooling; contribute to playbooks and runbooks.
• Participate in penetration testing and prioritize remediation with engineering teams.

Access, identity, and data protection

• Manage SSO and the user lifecycle across cloud platforms and SaaS tools.
• Enforce MFA, least privilege, and periodic access reviews.
• Support encryption controls, secure configurations, and data protection measures.

Operational resilience

• Maintain MDM/DR processes that support ICT service continuity per DORA Article 28.
• Run resilience testing, scenario simulations, and disaster recovery exercises.
• Define and document RTOs and RPOs; maintain asset inventories and dependency maps to critical business functions.

Awareness and continuous improvement

• Deliver security awareness sessions and contribute to company‑wide communications.
• Track and report metrics on incidents, vulnerabilities, access reviews, and training effectiveness.
• Feed lessons learned into control improvements and operating procedures.

About youGovernance and compliance

• Experience building or maintaining information security management systems.
• Strong understanding of regulatory expectations under DORA, GDPR, and MiCAR.
• Skilled in policy drafting, governance documentation, and control monitoring.

Technical and operational security

• Proficient with modern EDR platforms (SentinelOne, CrowdStrike).
• Hands‑on with network security, vulnerability management, and secure configurations.
• Familiar with AWS and cloud hardening practices.
• Working knowledge of SIEM operations, MDM/DR, patch management, and integrating security tooling.

How you work

• Excellent communicator who partners across IT, Engineering, Risk, and Compliance.
• Comfortable operating in a fast‑paced, cross‑functional environment.
• Strong analytical and documentation skills that support audit readiness.

RequirementsEssential

• 4+ years in Information Security or ICT Governance.
• Strong technical knowledge of endpoint protection, access management, and network controls.
• Experience supporting ISO 27001, SOC 2, or equivalent frameworks.
• Familiarity with DORA Articles 5-8 and 28-30 or comparable regulatory frameworks.
• Ability to draft and maintain policies, standards, registers, and control evidence.
• Practical experience operating EDR, MDM, SSO, and vulnerability management tools.

Preferred

• Experience in fintech, crypto, or regulated financial services.
• Knowledge of AWS or other cloud environments.
• Recognized certifications such as CompTIA Security+, ISO 27001 Lead Implementer, or Google Cybersecurity.
• Experience preparing materials for board or regulator reporting.

What this role offers

• A chance to build a DORA‑aligned ICT governance and security capability from the ground up.
• Exposure to both regulatory frameworks and advanced technical controls.
• Growth pathways toward Governance Manager or Security Architect.
• Direct collaboration with the CISO, CIO, and Compliance on enterprise resilience.

About Reap

Reap is a leading global payment technology provider that enables financial connectivity and access for businesses worldwide. By merging traditional finance with digital assets, bridging disparate economies, and connecting key financial players, we are transforming the financial landscape into a more interconnected and interoperable space for efficient money movement.

With stablecoin‑enabled corporate cards, payout solutions, and expense management tools, we streamline financial operations and empower businesses to scale. Our APIs enable businesses to embed finance into their own products and services, from issuing Visa cards to facilitating cross‑border payments.

Reap is supported by a strong network of investors, including Acorn Pacific Ventures, Arcadia Funds, HashKey Capital, Hustle Fund, Fresco Capital, Abacus Ventures, and Payment Asia.

Founded in Coworkers 300+

---