Roles & Responsibilities

Experience in compliance, IT governance, or security program management, ideally in fintech, payments, or regulated industries.
Strong understanding of security and compliance frameworks (PCI DSS, SOC 2, ISO 27001, MAS TRM, GDPR).
Ability to translate regulatory and compliance requirements into practical, technical implementations.
Strong project management skills with the ability to coordinate across multiple stakeholders; comfortable working with auditors and engineers.

Requirements:

Lead PCI DSS, SOC 2, MAS PSA, and other regulatory compliance programs and coordinate audits with internal stakeholders and external auditors.
Maintain compliance calendar (e.g., pen tests, ASV scans, policy reviews, risk assessments) and develop/update internal policies, IT governance frameworks, and controls.
Partner with engineering to design and implement security features (encryption, access controls, logging); track security incidents, risk assessments, and vendor due diligence; support business continuity planning, disaster recovery, and incident response.
Drive cross-team initiatives to embed security and compliance in product development; translate compliance requirements into actionable engineering/product tasks and serve as the main point of contact for compliance and security questions from internal/external stakeholders.

Job description

About HitPay

HitPay is a full-stack payments infrastructure platform for growing businesses in APAC. Headquartered in Singapore and regulated by central banks across Southeast Asia, we enable over 20,000 SMBs to accept online and in-person payments through local methods that their customers trust. From real-time payment schemes to e-wallets and credit card terminals, HitPay is transforming how Southeast Asia pays.

About the Role

As Compliance & Security Program Manager at HitPay, you will be responsible for driving our compliance, IT governance, and security initiatives across the organization. This is a cross-functional role that blends program management, compliance oversight, and technical understanding. You will work closely with auditors, regulators, and internal teams (product, engineering, and operations) to ensure that HitPay remains compliant with regulatory frameworks and industry standards while building secure and resilient products.

Key Responsibilities

Compliance & Governance
- Lead PCI DSS, SOC 2, MAS PSA, and other regulatory compliance programs.
- Coordinate audits with internal stakeholders and external auditors.
- Maintain compliance calendar (e.g., pen tests, ASV scans, policy reviews, risk assessments).
- Develop and improve internal policies, IT governance frameworks, and controls.
Security Oversight
- Partner with engineering to design and implement security features (e.g., encryption, access controls, logging).
- Track security incidents, risk assessments, and vendor due diligence.
- Support business continuity planning, disaster recovery, and incident response.
Cross-Functional Program Management
- Drive cross-team initiatives ensuring security and compliance are embedded in product development.
- Translate compliance requirements into actionable engineering and product tasks.
- Act as the main point of contact for compliance and security questions from internal and external stakeholders.

What We’re Looking For

Experience in compliance, IT governance, or security program management, ideally in fintech, payments, or regulated industries.
Strong understanding of security and compliance frameworks (PCI DSS, SOC 2, ISO 27001, MAS TRM, GDPR).
Ability to translate regulatory and compliance requirements into practical, technical implementations.
Strong project management skills – able to coordinate across multiple stakeholders.
Comfortable working with both auditors and engineers.
Bonus: Technical background (security engineering, IT, or product/engineering experience).