Senior Security Manager - EU

Who We Are

About the Role

• Stay abreast of the latest developments in laws, regulations, policies, and information security standards related to Network Security, Data Security, and Data Protection.
• Ensure timely updates and maintenance of the internal information security management system.
• Apply for information security certifications such as ISO 27001, SOC, and PCI for our products.
• Advocate for and oversee the implementation of security compliance and privacy protection requirements.
• Promptly address and rectify any non-compliant items.
• Validate and verify that the organization's security controls meet industry requirements.
• Conduct thorough examinations of processes, systems, policies, procedures, network diagrams, and system configurations.
• Monitor business activities through collaborating with cross-functional team leaders to guarantee ongoing compliance with external certifications.

• Technology Audit Delivery: Lead planning and execution of operational audit programs and complex technology control assessments: Information Security, Infrastructure, Emerging Technologies (AI/ML, FinTech). Leverage data analytics to detect risk signals and unearth insights. Communicate issues and recommendations to management.
• Integrated Audit Delivery: Lead planning and execution of integrated audits supporting operations and technology for business functions and productions (Trust & Safety, Monetization, FinTech etc.).
• Technology Risk Assessment: Assist in analysis and identification of emerging technology risks for OKX. Develop and maintain subject matter expertise in one or more technology domains.
• Stakeholder Relationships: Develop and maintain collaborative working relationships with management, understand the business to provide value-added services, and establish credibility as a management consultant and internal controls resource. Partner with engineering and product teams to advise on design and implementation of technology solutions.
• Professional Development: Continually expand knowledge of the audit profession, industry, and company products through self-study, research, and continuing education efforts. Develop innovative methodologies for auditing new technologies and services.
• Quality Assurance: Ensure the overall quality and consistency of audit work, adhering to department and professional standards. Continuously seek opportunities for audit process improvement.

What We Look For In You

• 5+ years of relevant experience in managing ISO 27001:2022, SOC 2 audits, and compliance programs within a global organizational setting.
• Demonstrate extensive knowledge and hands-on experience with cybersecurity frameworks, such as ISO 27001, PCI-DSS, SOC 2, and other relevant regulatory requirements.
• Exhibit excellent communication skills and logical reasoning abilities.
• Maintain a composed demeanor, showcasing a robust commitment to continuous learning and a collaborative, team-oriented mindset.
• Display self-driven and results-oriented attributes, enjoy challenging tasks, demonstrate a genuine enthusiasm for work, and work well under pressure.

• Relevant experience in Technology Audit, Risk Management, CyberSecurity Compliance or Engineering preferably within the technology sector (Social Media, eCommerce, Fintech etc.) and/or Big4 consulting.
• Portfolio Management: Demonstrated experience managing a portfolio of audits, with concurrent oversight and execution of multiple projects.
• Integrated Audits: Experience managing integrated audits that address a combination of financial/operational and technology objectives.
• Industry experience: Proven ability to work in a fast-paced environment with a product centric culture. Experience of working at a startup company or tech/fintech company is a plus.

• Professional interests: Passion for emerging technologies, products and standards. Strong critical thinking skills combined with the ability to provide a credible technical challenge to the business.
• Analytical skills: Proven analytical ability to assess complex technology environments against risk assessment outcomes, industry best practices, internal standards and external regulatory requirements.
• Communication skills: Ability to write at a publication quality level in order to communicate findings and recommendations to the senior management team.
• Global Experience: Experience working in a global organization and managing projects across different time zones (America and EMEA).

• Relevant industry certifications such as CISM, CISA, CISSP are preferred.
• Cloud Security / Cloud technology experience (AWS certification)
• Experience in ISO management systems, SOC audits, and PCI certification is preferred.
• Experience in compliance with virtual currency trading platforms, experience with EU regulations and regulatory landscape 

Perks & Benefits

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances 
• Comprehensive healthcare schemes for employees and dependents