OKX is hiring a

Security Compliance Director, Technology Governance and Compliance

OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa
 

Who We Are

At OKX, we believe the future will be reshaped by technology. Founded in 2017, we are revolutionising world systems through our cutting-edge digital asset exchange, Web3 portal and blockchain ecosystems. We reshape the financial ecosystem by offering some of the most diverse and sophisticated products, solutions, and trading tools on the market. Trusted by more than 50 million users in over 180 countries globally, OKX empowers every individual to explore the world of Web3. With our extensive range of products and services, and unwavering commitment to innovation, OKX envisions a world of financial access backed by blockchain and the power of decentralized finance.
 
We are innovative in the way we think, work, and in the products we create. We are also socially responsible by actively participating and encouraging employees to take part in various public welfare activities. With more than 3,000 employees around the world, we believe embracing diversity and inclusion will spark the creation of long-term value for the industry. Come Build the Future with Us now!

About the Team

The Technology Governance team provides security advice and guidance to OKX entities across all coverage areas, including global locations, and supports business growth by working with all teams within the company to help them achieve their goals. The team works closely with the compliance and legal teams to understand and interpret global requirements for licensing applications and any regional requirements.
 

About the Opportunity

Stay abreast of the latest developments in laws, regulations, policies, and information security standards related to Network Security, Data Security, and Data Protection. Ensure timely updates and maintenance of the internal information security management system. Apply for information security certifications such as ISO 27001, SOC, and PCI for our products. Advocate for and oversee the implementation of security compliance and privacy protection requirements. Promptly address and rectify any non-compliant items. Validate and verify that the organization's security controls meet industry requirements. Conduct thorough examinations of processes, systems, policies, procedures, network diagrams, and system configurations. Monitor business activities through collaborating with cross-functional team leaders to guarantee ongoing compliance with external certifications.
Candidates with less experience will also be considered for the position of senior engineer or engineer, depending on their skills and potential.
 

What You'll Be Doing

  • Technology Audit Delivery: Lead planning and execution of operational audit programs and complex technology control assessments: Information Security, Infrastructure, Emerging Technologies (AI/ML, FinTech). Leverage data analytics to detect risk signals and unearth insights. Communicate issues and recommendations to senior management.
  • Integrated Audit Delivery: Lead planning and execution of integrated audits supporting operations and technology for business functions and productions (Trust & Safety, Monetization, FinTech etc.).
  • Technology Risk Assessment: Assist in analysis and identification of emerging technology risks for OKX. Develop and maintain subject matter expertise in one or more technology domains.
  • Stakeholder Relationships: Develop and maintain collaborative working relationships with management, understand the business to provide value-added services, and establish credibility as a management consultant and internal controls resource. Partner with engineering and product teams to advise on design and implementation of technology solutions.
  • Professional Development: Continually expand knowledge of the audit profession, industry, and company products through self-study, research, and continuing education efforts. Develop innovative methodologies for auditing new technologies and services.
  • Quality Assurance: Ensure the overall quality and consistency of audit work, adhering to department and professional standards. Continuously seek opportunities for audit process improvement.

 

What We Look For In You

  • At least 10 years of relevant experience in managing ISO 27001:2022, SOC 2 audits, and compliance programs within a global organisational setting.
  • Demonstrate extensive knowledge and hands-on experience with cybersecurity frameworks, such as ISO 27001, PCI-DSS, SOC 2, and other relevant regulatory requirements.
  • Exhibit excellent communication skills and logical reasoning abilities. Maintain a composed demeanor, showcasing a robust commitment to continuous learning and a collaborative, team-oriented mindset.
  • Display self-driven and results-oriented attributes, enjoy challenging tasks, demonstrate a genuine enthusiasm for work, and work well under pressure.
  • Relevant experience in Technology Audit, Risk Management, Cybersecurity Compliance or Engineering, preferably within the technology sector (Social Media, eCommerce, Fintech etc.) and/or Big 4 consulting.
  • Certifications: Professional certifications such as CISSP, GIAC, CCNA, CISA, or CIA.
  • Portfolio Management: Demonstrated experience managing a portfolio of audits, with concurrent oversight and execution of multiple projects.
  • Integrated Audits: Experience managing integrated audits that address a combination of financial/operational and technology objectives.
  • Professional interests: Passion for emerging technologies, products and standards. Strong critical thinking skills combined with the ability to provide a credible technical challenge to the business.
  • Industry experience: Proven ability to work in a fast-paced environment with a product centric culture. Experience of working at a startup company or tech/fintech company is a plus.
  • Analytical skills: Proven analytical ability to assess complex technology environments against risk assessment outcomes, industry best practices, internal standards and external regulatory requirements.
  • Communication skills: Ability to write at a publication quality level in order to communicate findings and recommendations to the senior management team.
  • Global Experience: Experience working in a global organization and managing projects across different time zones (America and EMEA).

 

Nice to Haves

  • Experience in ISO management systems, SOC audits, and PCI certification.
  • Possess an understanding of the Personal Data Protection Act (PDPA) and Technology Risk Management Guidelines (such as PSN 05/06) issued by the Monetary Authority of Singapore (MAS).
  • Relevant industry certifications such as CISM, CISA, CISSP.
  • Experience in compliance for virtual currency trading platforms, particularly in obtaining licenses in Hong Kong, Singapore, Dubai, or Europe and the United States.

 

Perks & Benefits

  • Competitive total compensation package.
  • L&D programs and Education subsidy for employees' growth and development.
  • Various team building programs and company events.
  • Wellness and meal allowances.
  • Comprehensive healthcare schemes for employees and dependants.
  • More that we would love to tell you about during the process!