Job Description

About the role

We are looking for a Senior Security and Privacy Analyst to serve as the APAC regional lead for AvePoint's Privacy, Security & Risk (PSR) program. You will help implement and drive initiatives, programs, and projects to raise our game in Information Security, Privacy, and Risk Management across the Asia-Pacific region. You are pragmatic, operational, and practical in your understanding of risk and security, but also have a business-minded approach. You will help us "say what we do, do what we say, and prove it."

This role is critical to supporting AvePoint's expanding APAC compliance footprint—including ISMAP (Japan), IRAP (Australia), and regional privacy regulations—while partnering closely with our global PSR team.

Key Responsibilities

• Regional Compliance & Certification: Lead and operationalize APAC-specific certification and audit activities, with primary focus on Japan's ISMAP (Information system Security Management and Assessment Program) and Australia's IRAP (Infosec Registered Assessors Program), including evidence gathering, control mapping, and coordination with external assessors.
• Privacy & Data Protection: Support compliance with APAC data protection laws and regulations, including Japan's APPI, Australia's Privacy Act, and other regional requirements such as South Korea's PIPA, in alignment with AvePoint's global privacy standards.
• Security Operations: Contribute hands-on to the day-to-day operations of the information security and privacy program, including monitoring and responding to security incidents across the APAC region.
• Audit & Risk Management: Operationalize activities around certifications, audits, and risk management initiatives. Support internal and external audit readiness, including SOC 2 Type II, ISO 27001, ISO 27701, and APAC-specific frameworks.
• Sales Enablement & Customer Trust: Partner with the APAC sales organization on PSR matters—respond to customer security questionnaires, RFPs, and due diligence requests, balancing deal velocity with AvePoint's PSR requirements. Serve as a regional representative and advocate of AvePoint's expertise in data security.
• Documentation & Communication: Update and maintain security and privacy documentation to keep current with frequent regulatory and programmatic changes in the APAC region. Create effective technical communications in both Japanese and English across a variety of media.
• Security Champions Program: Collaborate with regional Security Champions (e.g., in Japan, Singapore, China, and ANZ) to enhance security awareness, promote best practices, and drive localized security initiatives.
• Cross-Functional Collaboration: Actively participate in cross-functional teams representing the PSR function. Collaborate with the CISO/CPO and senior leadership to develop and execute strategic plans for APAC security and privacy initiatives.
• Vendor & Third-Party Risk: Support vendor risk assessments and third-party security evaluations for APAC-based partners and subprocessors, ensuring compliance with AvePoint's data protection and information security standards.
• Continuous Improvement: Continuously improve internal PSR deliverables and content in response to feedback from APAC customers, colleagues, and evolving regulatory landscapes.

Required Qualifications

• Education: Bachelor's degree in Information Security, Computer Science, Engineering, Law, or a related field. A master's degree is preferred.
• Experience: Approximately 5–8 years of experience in information security, privacy, compliance, or risk management, with at least 2 years of experience supporting APAC-region compliance programs.
• Language:Fluent in Japanese and English (spoken and written) — this is a hard requirement. The role requires the ability to translate technical security and privacy concepts between both languages, interact with Japanese government-adjacent auditing bodies, and produce professional documentation in both languages.
• Writing Skills: Strong background in writing with excellent editing and proofreading skills in both English and Japanese.
• Technical Knowledge: Solid understanding of networking, cloud infrastructure, and information security principles. Familiarity with security frameworks such as ISO 27001, ISO 27002, SOC 2, and NIST SP 800-53.
• Regulatory Knowledge: Working knowledge of APAC privacy and data protection regulations (e.g., Japan APPI, Australia Privacy Act, PDPA).

Preferred Qualifications

• ISMAP Expertise: Familiarity with Japan's ISMAP framework, including ISMAP management standards, the audit process, and cloud service registration requirements. Experience supporting ISMAP audits or readiness assessments is highly valued.
• IRAP Expertise: Familiarity with Australia's IRAP framework, including the ISM (Information Security Manual), PSPF, and the four-stage IRAP assessment process (Plan & Prepare → Define Scope → Assess Controls → Report Findings).
• Additional Languages: Proficiency in Chinese (Mandarin) and/or Vietnamese is a significant plus.
• Certifications: Relevant certifications such as CIPP/A, CISSP, CISM, CISA, or ISO 27001 Lead Auditor are highly desirable.
• Industry Experience: Experience in a SaaS, cloud software, or technology company in the security, privacy, or compliance field.
• Sales Enablement: Experience supporting sales teams with security questionnaires, RFPs, and customer-facing trust narratives.

What We Offer

• The opportunity to be the APAC voice of one of the most forward-thinking PSR programs in the data management industry
• Direct collaboration with AvePoint's global Security Team, including the CISO/CPO and senior leadership
• A dynamic, global team culture that values agility, passion, and teamwork
• Professional development support, including certification sponsorship
• Competitive compensation and benefits aligned with APAC market standards