Startup Jobs
Post a Job

OKX is hiring a

Security Compliance Director, Technology Governance and Compliance

OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa
 

Who We Are

At OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom. OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps). OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE.
We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology. This is why we publish proof of reserves monthly, and continue to ship new innovative security features.

About the Team

The Technology Governance team provides security advice and guidance to OKX entities across all coverage areas, including global locations support business growth by working with all teams within the company to help them achieve their goals. This team works closely with compliance and legal teams to interpret global requirements for applying for licensing or any regional requirements, and understanding them.
 

About the Opportunity

Stay abreast of the latest developments in laws, regulations, policies, and information security standards related to Network Security, Data Security, and Data Protection. Ensure timely updates and maintenance of the internal information security management system. Apply for information security certifications such as ISO 27001, SOC, and PCI for our products. Advocate for and oversee the implementation of security compliance and privacy protection requirements. Promptly address and rectify any non-compliant items. Validate and verify that the organization's security controls meet industry requirements. Conduct thorough examinations of processes, systems, policies, procedures, network diagrams, and system configurations. Monitor business activities through collaborating with cross-functional team leaders to guarantee ongoing compliance with external certifications.
Candidates with lesser experience will also be considered for the position of senior engineer or engineer, depending on their skills and potential.
 

What You'll Be Doing

  • Technology Audit Delivery: Lead planning and execution of operational audit programs and complex technology control assessments: Information Security, Infrastructure, Emerging Technologies (AI/ML, FinTech). Leverage data analytics to detect risk signals and unearth insights. Communicate issues and recommendations to senior management.
  • Integrated Audit Delivery: Lead planning and execution of integrated audits supporting operations and technology for business functions and productions (Trust & Safety, Monetization, FinTech etc.).
  • Technology Risk Assessment: Assist in analysis and identification of emerging technology risks for OKX. Develop and maintain subject matter expertise in one or more technology domains.
  • Stakeholder Relationships: Develop and maintain collaborative working relationships with management, understand the business to provide value-added services, and establish credibility as a management consultant and internal controls resource. Partner with engineering and product teams to advise on design and implementation of technology solutions.
  • Professional Development: Continually expand knowledge of the audit profession, industry, and company products through self-study, research, and continuing education efforts. Develop innovative methodologies for auditing new technologies and services.
  • Quality Assurance: Ensure the overall quality and consistency of audit work, adhering to department and professional standards. Continuously seek opportunities for audit process improvement.

 

 What We Look For In You

  • At least 10 years of relevant experience in managing ISO 27001:2022, SOC 2 audits, and compliance programs within a global organisational setting.
  • Demonstrate extensive knowledge and hands-on experience with cybersecurity frameworks, such as ISO 27001, PCI-DSS, SOC 2, and other relevant regulatory requirements.
  • Exhibit excellent communication skills and logical reasoning abilities. Maintain a composed demeanor, showcasing a robust commitment to continuous learning and a collaborative, team-oriented mindset.
  • Display self-driven and results-oriented attributes, enjoy challenging tasks, demonstrate a genuine enthusiasm for work, and work well under pressure.
  • Relevant experience in Technology Audit, Risk Management, CyberSecurity Compliance or Engineering preferably within the technology sector (Social Media, eCommerce, Fintech etc.) and/or Big4 consulting.
  • Certifications: Professional certifications such as CISSP, GIAC, CCNA, CISA, or CIA.
  • Portfolio Management: Demonstrated experience managing a portfolio of audits, with concurrent oversight and execution of multiple projects.
  • Integrated Audits: Experience managing integrated audits that address a combination of financial/operational and technology objectives.
  • Professional interests: Passion for emerging technologies, products and standards. Strong critical thinking skills combined with the ability to provide a credible technical challenge to the business.
  • Industry experience: Proven ability to work in a fast-paced environment with a product centric culture. Experience of working at a startup company or tech/fintech company is a plus.
  • Analytical skills: Proven analytical ability to assess complex technology environments against risk assessment outcomes, industry best practices, internal standards and external regulatory requirements.
  • Communication skills: Ability to write at a publication quality level in order to communicate findings and recommendations to the senior management team.
  • Global Experience: Experience working in a global organization and managing projects across different time zones (America and EMEA).

 

Nice to Haves

  • Experience in ISO management systems, SOC audits, and PCI certification.
  • Possess an understanding of the Personal Data Protection Act (PDPA) and Technology Risk Management Guidelines (such as PSN 05/06) issued by the Monetary Authority of Singapore (MAS).
  • Relevant industry certifications such as CISM, CISA, CISSP.
  • Experience in compliance for virtual currency trading platforms, particularly in obtaining licenses in Hong Kong, Singapore, Dubai, or Europe and the United States.

 

Perks & Benefits

  • Competitive total compensation package.
  • L&D programs and Education subsidy for employees' growth and development.
  • Various team building programs and company events.
  • Wellness and meal allowances.
  • Comprehensive healthcare schemes for employees and dependants.
  • More that we love to tell you along the process!
Apply for this job

Please mention you found this job on AI Jobs. It helps us get more startups to hire on our site. Thanks and good luck!

Get hired quicker

Be the first to apply. Receive an email whenever similar jobs are posted.

Ace your job interview

Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.

Compliance Director Q&A's
Report this job
Apply for this job