The Apex Group was established in Bermuda in 2003 and is now one of the world’s largest fund administration and middle office solutions providers. Our business is unique in its ability to reach globally, service locally and provide cross-jurisdictional services. With our clients at the heart of everything we do, our hard-working team has successfully delivered on an unprecedented growth and transformation journey, and we are now represented by over circa 13,000 employees across 112 offices worldwide.

Your career with us should reflect your energy and passion. That’s why, at Apex Group, we will do more than simply ‘empower’ you. We will work to supercharge your unique skills and experience. Take the lead and we’ll give you the support you need to be at the top of your game. And we offer you the freedom to be a positive disrupter and turn big ideas into bold, industry-changing realities. For our business, for clients, and for you

Regional Information Security Manager – APAC

Location: Makati City

Lead the APAC regional technical risk team to govern, monitor, and continuously improve information security and cyber risk exposure in alignment with Cyber Strategy and Group CISO expectations. Own region-wide KRIs/KPIs, RCSA, issue remediation, and assurance cycles for banking, capital markets, payments, and hedge fund businesses. Ensure conformity and risk alignment with APEX Gold standard, NIST CSF 2.0, ISO/IEC 27001:2022, ISO 31000:2018, COBIT 2019, PCI DSS v4.0/v4.0.1, and APAC-specific regulatory frameworks (e.g., MAS TRM, HKMA technology/cyber guidance, APRA CPS 234) and applicable global obligations (e.g., SOX where relevant to listings).

Job Responsibilities:

Define/maintain APAC KRIs/KPIs mapped to risk appetite; implement MQA checks (accuracy, timeliness, completeness), trend monitoring, and breach handling across business services and platforms. Align with NIST CSF 2.0 outcomes (Govern/Identify/Protect/Detect/Respond/Recover) and ISO/IEC 27001:2022 ISMS control environment
Lead multi-tower RCSA; calibrate inherent/residual risk to ISO 31000 principles; drive remediation with owners; manage risk acceptances with timebound treatment plans
Apply TRM governance (e.g., Board/Senior Mgmt oversight, incident notification timelines, RTOs for critical systems) for Singapore
Follow HKMA supervisory cyber approach/circulars and RegTech guidance on cyber risk management and e-banking security enhancements for Hong Kong
Ensure board accountability, control testing, asset classification, and 72-hour material incident notification to APRA for Australia
Globally maintain conformity with PCI DSS v4.0/v4.0.1 timelines
Host regional information security forum, review & management of all regional information security, Compliance risk with regional leads
Execute delegated tasks as deemed appropriate by the Group CISO and other empowered Group Cyber leadership authorities, ensuring timely and effective completion in alignment with organizational priorities
Support the Group Cyber Strategy end-to-end, driving alignment of all activities, decisions, and deliverables with strategic objectives and business outcomes
Deliver Monthly APAC posture, KRI/KPI trends, thematic issues, incident learnings, and decision requests. Feed clear, decision-ready inputs to the Technology Risk Forum; coordinate with application/infra/service owners to turn metrics green
Orchestrate communication across application/platform owners, SOC, IT Ops, Risk/Compliance, auditors/regulators; present complex topics clearly to senior leadership
When metrics are persistently red/non-actionable, perform RCA and cutover to improved definitions/thresholds consistent with Cyber Strategy and Group CISO guidance
Partner with BI/GRC teams to embed dashboards and evidence repositories
Govern regional KRIs/KPIs and ensure fit-for-purpose metrics mapped to risk appetite
Lead annual RCSA with ISO 31000 risk principles: close remediation actions
Maintain compliance to APEX Gold standard, NIST CSF 2.0, ISO/IEC 27001:2022, COBIT 2019; sustain PCI DSS v4.0/v4.0.1 for payments
Drive a Metric Rewrite Protocol for persistently failing metrics (RCA → redesign → pilot → cutover)
Ensure SOX 404 (where applicable) alignment for ICFR/ITGCs; coordinate management assessment and external audit readiness

Skills Required:

5–10 years in information security, cyber risk assurance, or GRC within financial services; proven APAC regulatory delivery (MAS/HKMA/APRA)
NIST CSF 2.0, ISO/IEC 27001:2022, ISO 31000, COBIT 2019, PCI DSS v4.0
Strong stakeholder management and executive presentation skills
Preferred certs: CISM / CRISC, ISO 27001 LA, ISO 31000; cloud security (AWS/Azure/GCP)

What you will get in return:

A genuinely unique opportunity to be part of an expanding large global business;
Competitive remuneration commensurate with skills and experience;
Training and development opportunities

Additional information:

We are an equal opportunity employer and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnicity, age, sexual orientation, socio-economic, responsibilities for dependants, physical or mental disability. Any hiring decision are made on the basis of skills, qualifications and experiences.

We measure our success as a business, not only by delivering great products and services and continually increasing our assets under administration and market share, but also by how we positively impact people, society and the planet. For more information on our commitment to Corporate Social Responsibility (CSR) please https://www.apexgroup.com/corporate-social-responsibility/

“Personal data provided by job applicant(s) will be used for recruitment purposes only and will be treated strictly confidential. Such personal data can be accessed by different Apex stakeholders within and out of country for the consideration of the job application hereunder. Application made by the job applicant(s) constitutes the irrevocable consent of the job applicant for her/his personal data to be used by Apex stakeholders within or outside country for the purpose of this recruitment.”

Disclaimer: Unsolicited CVs sent to Apex (Talent Acquisition Team or Hiring Managers) by recruitment agencies will not be accepted for this position. Apex operates a direct sourcing model and where agency assistance is required, the Talent Acquisition team will engage directly with our exclusive recruitment partners.

About Apex Group

We are dedicated to driving positive change in financial services while fuelling the growth and ambitions of asset managers, allocators, financial institutions, and family offices. Established in Bermuda in 2003, the Group has continually disrupted the asset serving industry through our investment in innovation and talent. Today, we set the pace in asset servicing and stand out for our unique single-source solution and unified cross asset-class platform which supports the entire value chain, harnesses leading innovative technology, and benefits from cross-jurisdictional expertise delivered by a long-standing management team and over 13,000 highly integrated professionals.

We’re a people-powered business, and our people are full of ambition. Together, we’re inspired to lead the new era of data and tech enabled service. Bringing new products and services to market. Sharpening our client focus. Disrupting the market to exceed expectations. Innovating across a range of specialisms. With our focus on making a difference to our people, our planet and our society, you’ll experience more here than you would at most other companies. Prepare to accelerate.

We’re a people-powered business with a vision to inspire a new era of service-led FinTech. We’re expanding globally and offering more to our clients. This means you get more opportunities to grow with us. So prepare to accelerate. We’ll make sure the time and effort you put in takes you further, faster.

Positive change starts with you. We’re a people-powered business with a vision to inspire a new era of service-led FinTech. We’re expanding globally and offering more to our clients. This means you get more opportunities to grow with us. So prepare to accelerate. We’ll make sure the time and effort you put in takes you further, faster.

The journey is yours to own. When you stretch yourself, you grow. We want you to explore ways of working that will see you thrive as part of something bigger. We’ll help you with a solid structure, challenging projects, vibrant networks, supportive colleagues and approachable leaders. All the things you need to own your unique journey.

Find out more about us

Regional Information Security Manager – APAC