Security Officer
About the role
At Startale, our mission is to "Build the Next Civilization By Bringing Billions Onchain." We are seeking a hands-on Security Specialist who thrives in a startup environment. This role focuses on corporate security operations, policy implementations, and compliance management to enable further growth of Startale.
This is a hands-on role - you will not only create security policies and procedures but also actively participate in implementation, deployment, automation and enforcement across the organization. You must be able to work with technical teams to ensure security controls are properly configured and operational, not just documented. You will own the foundations of corporate security and enable teams to ship safely, partnering with our Product, Engineering and Corporate admin teams and working closely with our Japan-based business partners.
It’s about an ownership mindset, a bias to action, and a pragmatic security-by-default approach. The scope is intentionally broad, leaving potential for growth of responsibilities as our company grows.
If it impacts security, you lead or enable it.
Key responsibilities
- Corporate Security Operations: Develop, implement, and enforce corporate security policies, procedures, and best practices to meet internal security needs and partner requirements, ensure policies are actively followed throughout the organization, support partner security assessments, and maintain security documentation. You will work hands-on to configure security tools, implement controls, and verify they are functioning correctly - this is not a policy-only role.
- Identity and Access Management: Manage user provisioning, deprovisioning, and access reviews, implement multi-factor authentication (MFA) and single sign-on (SSO) solutions, establish access control policies and permissions, and automate IAM processes wherever possible. You must have a solid understanding of identity protocols (SAML, OAuth, OIDC) to properly configure and troubleshoot SSO implementations, not just use IAM tools at a surface level.
- Compliance and Third-Party Security: Assess the security posture of both our company and our partners and third-party providers, ensure compliance with security regulations and standards, manage compliance audits and assessments (ISO27001/SOC2), and implement compliance automation and controls.
- Secure Development Lifecycle Review: Understand and review secure development lifecycle (SDLC) processes, assess development workflows for security compliance, and collaborate with engineering teams to ensure security is integrated into software development practices. You should be able to identify security gaps in development processes and recommend improvements, even if you are not directly implementing CI/CD pipelines or managing infrastructure
- Security Awareness and Training: Conduct security simulation exercises (phishing, social engineering), provide security training to teams and implement security awareness programs
Qualifications
Required experiences
- 3+ years of experience in corporate security, information security, or similar role
- Identity and Access Management: Experience with identity management tools, mobile device management (MDM), and endpoint detection and response (EDR) tools for user management and BYOD device management.
- Must understand identity protocols (SAML, OAuth, OIDC) at a technical level to properly configure and troubleshoot SSO implementations.
- Experience with security awareness training, phishing simulation programs, and security culture building
- Secure Development Lifecycle Awareness: Understanding of secure development lifecycle (SDLC) concepts and ability to review development processes for security compliance. You should be able to assess CI/CD pipelines, code review processes, and dependency management for security gaps, even if you are not directly implementing these systems
- Understanding of compliance frameworks (ISO27001, SOC2) and vendor risk assessment
- English language proficiency (business level)
- Japanese language proficiency (business level)
- Experience working in technology companies or startups
Nice-to-have
- Knowledge of cloud security concepts (AWS/Azure/GCP)
- Experience with Japanese regulators/authorities to meet fintech security requirements and standards
- Experience with vendor risk assessment and third-party security management
- Security certifications (CISSP, CISM, CISA, or similar corporate security certifications)
- Web3/Blockchain Security Awareness: Basic understanding of Web3 and blockchain security concepts, smart contract security considerations, and on-chain/off-chain security monitoring. While deep expertise is more than welcome, basic awareness of blockchain-specific security challenges is valuable when applying to this role at a company operating in this space. However, your interest and growth in this domain are a must and part of the role.
Location / Timezone
- Tokyo, Japan - Must be able to work from office or
- Singapore
Target start date
- ASAP
Target companies
- Technology companies with corporate security focus
- Experience with partner security requirements
- Japanese companies or international companies with Japanese operations
Ideal candidate
- Acts like an owner; optimizes for impact per effort; removes complexity
- Ability to work independently and manage tasks with minimal supervision
- Ships in small slices; learns and iterates; does not stall for perfect
- Strong attention to detail and ability to follow established security procedures; documents decisions and playbooks for leverage
- Good communication skills in both Japanese and English for partner interaction
- Collaborative across functions (DevOps, Engineering, HR, Legal, Admin)