Security Compliance Director, Technology Governance and Compliance

Who We Are

At OKX, we anticipate a future shaped by technology. Established in 2017, we are transforming global systems through our state-of-the-art digital asset exchange, Web3 portal, and blockchain ecosystems. We enhance the financial landscape by providing a wide array of innovative products, solutions, and trading tools. Trusted by over 50 million users across 180 countries, OKX enables individuals to navigate the realm of Web3. With a diverse product range and a strong commitment to innovation, OKX envisions a financial world supported by blockchain technology and decentralized finance. We are known for our innovative approach to work, products, and social responsibility, actively engaging in various public welfare activities. With a global team of more than 3,000 employees, we believe that embracing diversity and inclusion leads to long-term industry value creation. Join us in Building the Future today!

About the Team

The Technology Governance team offers security guidance to OKX entities worldwide, collaborating with various teams to facilitate business growth. This team closely works with compliance and legal departments to interpret global requirements related to licensing or regional mandates.

About the Opportunity

Stay informed about the latest developments in laws, regulations, and information security standards concerning Network Security, Data Security, and Data Protection. Ensure the internal information security management system is regularly updated and maintained. Facilitate applications for information security certifications like ISO 27001, SOC, and PCI for our products. Advocate for security compliance and privacy protection requirements, promptly addressing any non-compliance issues. Verify that the organization's security controls meet industry standards by conducting thorough assessments of processes, systems, policies, network configurations, and procedures. Collaborate with cross-functional teams to monitor business activities and ensure adherence to external certifications.

Candidates with varying levels of experience will be considered for roles as senior engineers or engineers, based on their skills and potential.

What You'll Be Doing

• Lead operational audit programs and complex technology control assessments, including Information Security, Infrastructure, and Emerging Technologies.

• Conduct integrated audits supporting various business functions and productions.

• Assist in analyzing and identifying emerging technology risks for OKX.

• Build and maintain subject matter expertise in technology domains.

• Develop collaborative relationships with stakeholders to provide value-added services and advisory support.

• Engage with engineering and product teams to offer insights on technology implementations.

• Continually expand knowledge in the audit profession, industry trends, and company products.

• Ensure quality and consistency in audit work by adhering to department and professional standards. Seek opportunities for audit process enhancement.

What We Look For In You

• Minimum of 3 years' experience managing ISO 27001:2022, SOC 2 audits, and compliance programs in a global organizational context.

• Proficiency in cybersecurity frameworks like ISO 27001, PCI-DSS, SOC 2, and other regulatory requirements.

• Strong communication and analytical skills, commitment to continuous learning, and a collaborative mindset.

• Experience in Technology Audit, Risk Management, Cybersecurity Compliance, or Engineering, preferably in the technology sector.

• Relevant certifications such as CISSP, GIAC, CCNA, CISA, or CIA.

• Track record in managing audit portfolios and integrating audits for financial/operational and technology objectives.

• Interest in emerging technologies, critical thinking, and strong problem-solving skills.

• Ability to thrive in a fast-paced, product-oriented environment, with exposure to startup or tech companies being beneficial.

• Proficient in assessing complex technology environments against industry best practices and regulatory requirements.

• Effective written communication to convey findings and recommendations to senior management.

• Experience working in a global organization and managing projects across different time zones.

Nice to Haves

• Expertise in ISO management systems, SOC audits, and PCI certification.

• Understanding of data protection regulations like the Personal Data Protection Act and Technology Risk Management Guidelines.

• Possession of industry certifications like CISM, CISA, CISSP.

• Experience in compliance for virtual currency trading platforms, especially in obtaining licenses across various regions.

Perks & Benefits

• Competitive total compensation package.

• Learning & Development programs and Education subsidy.

• Team-building activities and company events.

• Wellness and meal allowances.

• Comprehensive healthcare schemes for employees and dependents.

• Exciting perks to be revealed during the process!