About the role
At Startale, our mission is to “Build the Next Civilization By Bringing Billions Onchain.” We are seeking a hands-on Security Specialist who thrives in a startup environment. This role focuses on corporate security operations, policy implementations, and compliance management to enable further growth of Startale. This is a hands-on role it’s not only about creating policies but turning them into working, automated systems. You will own the foundations of corporate security and enable teams to ship safely, partnering our Product, Engineering and Corporate admin teams as well as closely with our Japan-based business partners.
It’s about ownership mindset and bias to action and pragmatic security-by-default approach. Scope is intentionally broad leaving potential for growth of responsibilities as our company grows.
If it impacts security, you lead or enable it.
Key responsibilities
- Corporate Security Operations: Develop, implement, and enforce information security policies, procedures, and best practices to meet internal security needs, ensure policies are actively followed throughout the organization, support partner security assessments, maintain security documentation.
- Compliance: Assess security posture of both our company as well as of partners and third-party providers, ensure compliance with information security regulations and standards, manage compliance audits and assessments (such as ISO27001/SOC2), and implement compliance automation and controls. Own information security aspects of business continuity.
- Identity, Access and Endpoint Security Management: Operate SSO/MFA and access control (Okta/Azure AD/Google Workspace); implement least privilege and just-in-time access; manage device lifecycle with MDM and EDR tooling. Automate processes wherever possible.
- Security Awareness and Training: Conduct security simulation exercises (phishing, social engineering), provide security training to teams and implement security awareness programs
Qualifications
Required experiences
- 3+ years of experience in corporate security, information security, or similar role
- Experience with identity management tools (such as OKTA, Azure AD), mobile device management (MDM), and endpoint detection and response (EDR) tools for user management and BYOD device management
- Experience with security awareness training, phishing simulation programs, and security culture building
- Understanding of compliance frameworks (ISO27001, SOC2) and vendor risk assessment
- English language proficiency (business level)
- Japanese language proficiency (business level)
- Experience working in technology companies or startups
Nice-to-have
- Knowledge of cloud security concepts (AWS/Azure/GCP)
- Experience with Japanese regulators/authorities to meet fintech security requirements and standards
- Experience with vendor risk assessment and third-party security management
- Security certifications (CISSP, CISM, CISA, or similar corporate security certifications)
Location / Timezone
- Tokyo, Japan – Must be able to work from office or
- Singapore
Target start date
Target companies
- Technology companies with corporate security focus
- Experience with partner security requirements
- Japanese companies or international companies with Japanese operations
Ideal candidate
- Acts like an owner; optimizes for impact per effort; removes complexity
- Ability to work independently and manage tasks with minimal supervision
- Ships in small slices; learns and iterates; does not stall for perfect
- Strong attention to detail and ability to follow established security procedures, documents decisions and playbooks for leverage
- Good communication skills in both Japanese and English for partner interaction
- Collaborative across functions (DevOps, Engineering, HR, Legal, Admin)
