OKX is hiring a

Senior Security Engineer, Technology Governance and Compliance

OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa
 

Who We Are

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom. OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er. OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.

About the Team

The Technology Governance team provides security advice and guidance to OKX entities across all coverage areas, including global locations support business growth by working with all teams within the company to help them achieve their goals. This team works closely with compliance and legal teams to interpret global requirements for applying for licensing or any regional requirements, and understanding them.
 
About the Opportunity
Security breaches are the number one cause of death amongst digital currency companies. Security is the core to our mission and has been a key competitive differentiator for us as we scale
As a Security Engineer on the Technology Governance & Compliance team, you will lead and manage multiple initiatives to mature OKX security programs globally. You’ll also have an opportunity to pitch, lead and participate in cross-functional initiatives that uplevel the security of all OKX products and services. This role works horizontally across the business to provide guidance for the design and implementation of key security controls, tools and technologies.
 
What You'll Be Doing
  • Analyze and assess security and compliance gaps identified by internal and external audits.
  • Develop and execute remediation plans for audit findings.
  • Create and maintain solutions that uphold continuous compliance with industry security standards and regulations (ISO27001, SOC 1/2, NIST, CIS benchmarks, SOX, etc.).
  • Conduct IT security and architecture governance to ensure systems and processes comply with relevant standards.
  • Support tech governance and compliance initiatives, including those related to IPO readiness if applicable.
  • Implement and maintain Business Continuity Management (BCM) and Business Continuity Planning (BCP) processes, including conducting Business Impact Analysis.
  • Track remediation progress and regularly report to management on governance work effectiveness.
  • Develop and refine IT governance-related policies and procedures (P&P), providing implementation guidance.
  • Manage third-party security assessments and due diligence requests from regulatory agencies and auditors.
  • Develop procedures to respond to security and compliance queries from third-party providers, partners, and internal stakeholders.
  • Identify and implement tooling to automate processes and workflows that scale security goals and increase efficiency.
  • Lead cross-functional security efforts in the APAC region, working with Legal, Compliance, Engineering, HR, and Finance.
  • Continuously monitor and evaluate the company's security compliance status, proposing improvements.
  • Stay up-to-date on industry trends and best practices to drive continuous improvement of security compliance capabilities.
 What We Look For In You
  • At least 8 years of relevant work experience, including IT audit, risk management, compliance, and security governance and 3 years of experience in IT process governance and technology governance projects within large internet enterprises, blockchain companies, or fintech startups.
  • In-depth understanding of various audit standards such as ISO 27001, COBIT, SOC2, SOC1, PCI-DSS, NIST, and SOX.
  • Familiarity with relevant laws, industry-specific norms, and data protection regulations (e.g., GDPR).
  • Experience with tech governance and compliance, particularly in fintech or cryptocurrency companies (e.g., Coinbase, Kraken, Robinhood).
  • Knowledge of Business Continuity Management (BCM), Business Continuity Planning (BCP), and Business Impact Analysis methodologies.
  • Knowledge of cyber security, cloud security, coding, and related processes (change management, incident response, tracing, computer forensics, etc.).
  • Experience leading cross-functional efforts with operational and technical teams.
Nice to Haves
  • One or more of the following certifications: CISA, CISSP, CRISC, CISM, or equivalent qualifications.
  • Knowledge of Alibaba Cloud, AWS, GCP, and their related services (e.g., SLS/DMS).
  • Familiarity with risks and compliance challenges brought by emerging technologies (such as AI, blockchain).
  • Experience in successfully participating in large-scale security compliance remediation projects.
  • Proficiency in speaking, reading and writing in both English and Mandarin to collaborate effectively with global and cross-functional team members.
  • Prior experience with GRC tooling and/or implementation.
  • Past experience working with crypto platforms or fintech companies.
  • Experience with IPO readiness and related compliance requirements.

Perks & Benefits

  • Competitive total compensation package
  • L&D programs and Education subsidy for employees' growth and development
  • Various team building programs and company events
  • Wellness and meal allowances
  • Comprehensive healthcare schemes for employees and dependants 
  • More that we love to tell you along the process!
Apply for this job

Please mention you found this job on AI Jobs. It helps us get more startups to hire on our site. Thanks and good luck!

Get hired quicker

Be the first to apply. Receive an email whenever similar jobs are posted.

Ace your job interview

Understand the required skills and qualifications, anticipate the questions you may be asked, and study well-prepared answers using our sample responses.

Senior Security Engineer Q&A's
Report this job
Apply for this job