Location: Remote - South East Asia

Team: Engineering

Role Type: Full-time

About the Role

As Compliance & Security Program Manager at HitPay, you will be responsible for driving our compliance, IT governance, and security initiatives across the organization. This is a cross-functional role that blends program management, compliance oversight, and technical understanding. You will work closely with auditors, regulators, and internal teams (product, engineering, and operations) to ensure that HitPay remains compliant with regulatory frameworks and industry standards while building secure and resilient products.

Key Responsibilities

• Compliance & Governance

  • Lead PCI DSS, SOC 2, MAS PSA, and other regulatory compliance programs.

  • Coordinate audits with internal stakeholders and external auditors.

  • Maintain compliance calendar (e.g., pen tests, ASV scans, policy reviews, risk assessments).

  • Develop and improve internal policies, IT governance frameworks, and controls.

• Security Oversight

  • Partner with engineering to design and implement security features (e.g., encryption, access controls, logging).

  • Track security incidents, risk assessments, and vendor due diligence.

  • Support business continuity planning, disaster recovery, and incident response.

• Cross-Functional Program Management

  • Drive cross-team initiatives ensuring security and compliance are embedded in product development.

  • Translate compliance requirements into actionable engineering and product tasks.

  • Act as the main point of contact for compliance and security questions from internal and external stakeholders.

What We’re Looking For

• Experience in compliance, IT governance, or security program management, ideally in fintech, payments, or regulated industries.

• Strong understanding of security and compliance frameworks (PCI DSS, SOC 2, ISO 27001, MAS TRM, GDPR).

• Ability to translate regulatory and compliance requirements into practical, technical implementations.

• Strong project management skills – able to coordinate across multiple stakeholders.

• Comfortable working with both auditors and engineers.

• Bonus: Technical background (security engineering, IT, or product/engineering experience).