Security Compliance Director, Technology Governance and Compliance
Who We Are
At OKX, we anticipate a future shaped by technology. Established in 2017, we are transforming global systems through our state-of-the-art digital asset exchange, Web3 portal, and blockchain ecosystems. We enhance the financial landscape by providing a wide array of innovative products, solutions, and trading tools. Trusted by over 50 million users across 180 countries, OKX enables individuals to navigate the realm of Web3. With a diverse product range and a strong commitment to innovation, OKX envisions a financial world supported by blockchain technology and decentralized finance. We are known for our innovative approach to work, products, and social responsibility, actively engaging in various public welfare activities. With a global team of more than 3,000 employees, we believe that embracing diversity and inclusion leads to long-term industry value creation. Join us in Building the Future today!
About the Team
The Technology Governance team offers security guidance to OKX entities worldwide, collaborating with various teams to facilitate business growth. This team closely works with compliance and legal departments to interpret global requirements related to licensing or regional mandates.
About the Opportunity
Stay informed about the latest developments in laws, regulations, and information security standards concerning Network Security, Data Security, and Data Protection. Ensure the internal information security management system is regularly updated and maintained. Facilitate applications for information security certifications like ISO 27001, SOC, and PCI for our products. Advocate for security compliance and privacy protection requirements, promptly addressing any non-compliance issues. Verify that the organization's security controls meet industry standards by conducting thorough assessments of processes, systems, policies, network configurations, and procedures. Collaborate with cross-functional teams to monitor business activities and ensure adherence to external certifications.
Candidates with varying levels of experience will be considered for roles as senior engineers or engineers, based on their skills and potential.
What You'll Be Doing
Lead operational audit programs and complex technology control assessments, including Information Security, Infrastructure, and Emerging Technologies.
Conduct integrated audits supporting various business functions and productions.
Assist in analyzing and identifying emerging technology risks for OKX.
Build and maintain subject matter expertise in technology domains.
Develop collaborative relationships with stakeholders to provide value-added services and advisory support.
Engage with engineering and product teams to offer insights on technology implementations.
Continually expand knowledge in the audit profession, industry trends, and company products.
Ensure quality and consistency in audit work by adhering to department and professional standards. Seek opportunities for audit process enhancement.
What We Look For In You
Minimum of 3 years' experience managing ISO 27001:2022, SOC 2 audits, and compliance programs in a global organizational context.
Proficiency in cybersecurity frameworks like ISO 27001, PCI-DSS, SOC 2, and other regulatory requirements.
Strong communication and analytical skills, commitment to continuous learning, and a collaborative mindset.
Experience in Technology Audit, Risk Management, Cybersecurity Compliance, or Engineering, preferably in the technology sector.
Relevant certifications such as CISSP, GIAC, CCNA, CISA, or CIA.
Track record in managing audit portfolios and integrating audits for financial/operational and technology objectives.
Interest in emerging technologies, critical thinking, and strong problem-solving skills.
Ability to thrive in a fast-paced, product-oriented environment, with exposure to startup or tech companies being beneficial.
Proficient in assessing complex technology environments against industry best practices and regulatory requirements.
Effective written communication to convey findings and recommendations to senior management.
Experience working in a global organization and managing projects across different time zones.
Nice to Haves
Expertise in ISO management systems, SOC audits, and PCI certification.
Understanding of data protection regulations like the Personal Data Protection Act and Technology Risk Management Guidelines.
Possession of industry certifications like CISM, CISA, CISSP.
Experience in compliance for virtual currency trading platforms, especially in obtaining licenses across various regions.
Perks & Benefits
Competitive total compensation package.
Learning & Development programs and Education subsidy.
Team-building activities and company events.
Wellness and meal allowances.
Comprehensive healthcare schemes for employees and dependents.
Exciting perks to be revealed during the process!
Founding Head of Engineering
Customer Service BI Specialist
Collect, categorize, and analyze user data obtained from the customer service department and related systems to identify patterns in user behavior and issue trends.
Create and maintain dashboards and reports to offer real-time insights into critical metrics.
Provide recommendations driven by data to enhance team performance and operational efficiency.
Collaborate with team leaders to execute solutions and monitor the effects of changes.
Perform root cause analysis to pinpoint underlying factors influencing key performance indicators (CSATs, resolution rate, etc.).
Simplify complex data into actionable insights for senior management.
Assist in strategic decision-making through in-depth analysis and forecasting.
Ensure the accuracy and integrity of data by applying best practices in data collection, storage, and analysis.
Effectively communicate findings and suggestions to stakeholders at various levels.
Work with cross-functional teams to establish goals and drive collaborative initiatives.
Offer training and support to team members on data analysis tools and techniques.
Requirements:
A minimum of 3-5 years of experience in business intelligence, data analysis, or a related field.
Demonstrated proficiency in analyzing intricate data sets and delivering actionable insights.
Experience in the cryptocurrency, financial services, or compliance sector is a bonus.
Bachelor’s degree in Data Science, Statistics, Computer Science, Business Analytics, or a related discipline.
Competence in data analysis tools like SQL, Python, R, or equivalent.
Familiarity with data visualization platforms such as Tableau, Power BI, or similar tools.
Strong grasp of database management and data warehousing principles.
Knowledge of statistical analysis and predictive modeling methods.
Exceptional analytical and problem-solving capabilities.
Keen attention to detail and precision.
Ability to convey complex data insights clearly and succinctly.
Robust organizational and time management skills.
Capable of working both independently and collaboratively within a team.
Member of Compliance, Vendor QA Lead
Anchorage Digital is a leading crypto platform that facilitates institutional engagement with digital assets through a range of services including custody, staking, trading, governance, and settlement, all supported by top-tier security infrastructure. The home of Anchorage Digital Bank N.A., the sole federally chartered crypto bank in the U.S., Anchorage Digital also caters to institutions through its global offerings.
The company has garnered significant investment from reputable institutions like Andreessen Horowitz, GIC, Goldman Sachs, KKR, and Visa, with a Series D valuation surpassing $3 billion. Founded in 2017 in San Francisco, California, Anchorage Digital operates from its offices in New York, Porto, Singapore, and Sioux Falls.
The primary objective of this role is to contribute to the Quality Assurance process within Third-Party Risk Management (TPRM) while aiding the evaluation of third-party service providers across all legal entities present within Anchorage, both regulated and non-regulated.
We have introduced the Factors of Growth & Impact to assist team members in measuring impact and articulating their progress within the role, supporting ongoing learning and skill development.
Responsibilities:
Oversee and manage the TPRM Quality Assurance process across regulated and non-regulated legal entities within Anchorage Digital, which includes conducting reviews, analyzing findings, and presenting results to key stakeholders.
Provide support for risk assessment procedures across all legal entities specific to Financial reviews, Business Continuity, Information Security, and other risk reviews as dictated by the nature of the outsourced product/service.
Collaborate on various TPRM projects as necessary with a high level of autonomy and minimal supervision required.
Key Areas of Focus:
Develop and manage procedures related to Third-Party Risk Management and Vendor Management Quality Assurance, and help implement QA processes across all legal entities.
Engage across the organization to align TPRM requirements with business needs for both regulated and non-regulated legal entities.
Communication and Collaboration:
Efficiently document summaries, reports, and governance materials associated with the TPRM Quality Assurance Program.
Engage effectively with stakeholders such as Risk Subject Matter Experts (SMEs), Relationship Owners, and Relationship Managers.
Mentor junior team members to instill industry best practices and share insights gained from experience.
Requirements:
Prior experience in TPRM Quality Assurance/Quality Control and Information Security assessments.
Knowledge of working in regulated financial institutions is a plus.
Desired Qualifications:
Exposure to financial services regulatory guidelines such as OCC, NY DFS, FFIEC, MAS, and other relevant bodies.
Appreciation for the innovative musical, "Hamilton," which highlights the establishment of a modern financial system.
Anchorage Digital is dedicated to fostering an inclusive and supportive workplace for its diverse team members, where respect, connection, and collaboration are paramount. We celebrate individual differences and believe that openness about our backgrounds enables us to excel together in our work.
Anchorage Digital is an Equal Opportunity Employer and values diversity and inclusion in its workforce. We welcome applications from qualified individuals without regard to race, color, ancestry, religion, gender, age, marital status, disability, sexual orientation, gender identity, veteran status, or any other protected category under applicable laws.
Ensuring the privacy of personal and financial information is a top priority for Anchorage Digital, and we strive to maintain the confidence and trust of our clients when handling their sensitive data.
Incident Response Engineer
Your expertise in cyber defense, digital forensics, log analysis, and intrusion analysis will be utilized to address security incidents affecting our endpoints, network, and cloud infrastructure. Key responsibilities include prevention, detection, response, and remediation utilizing technologies such as Next-Generation Firewalls (NGFW), Endpoint Detection and Response (EDR), Intrusion Detection/Prevention Systems (IDS/IPS), and Data Loss Prevention (DLP), among others.
Effective collaboration and communication with diverse stakeholders in multicultural and global settings will also be part of your role.
Responsibilities:
Act as a key point of contact, reporting to the Director, to guide all phases of the incident response lifecycle
Contribute to various incident prevention projects aimed at enhancing security posture
Preparation:
Understand and adhere to various regulatory and compliance requirements related to incident reporting and escalation
Engage in self-assessment exercises like Tabletop Exercises, Attack Simulations, and Red/Purple Team exercises for seamless incident response processes
Develop incident response runbooks, playbooks, and SOPs aligning with regulatory requirements
Assess the readiness of different layers - people, processes, and technologies for incident response
Detection & Analysis:
Respond to cybersecurity incidents escalated from different channels, including the 24/7 SOC team
Manage cybersecurity incidents in compliance with local authority/regulatory requirements
Evaluate risk, impact, and scope of identified security threats
Conduct in-depth incident analysis by investigating security-related logs and contextualizing against known threats
Containment, Eradication, and Recovery:
Collaborate with stakeholders, offer guidance, and make recommendations to contain and eliminate security incidents
Contribute to root cause analysis using forensic tools to identify sources of compromise or malicious activity
Document investigative findings for high-profile events and other significant incidents
Post-Incident Activities:
Facilitate lessons learned sessions for stakeholders
Oversee and track follow-up actions
Document incidents in the case management system and generate incident reports
Demonstrate readiness to engage quickly in security incidents.
Requirements:
Minimum of 5 years of experience in the Cyber Security industry
Strong technical and analytical skills
Proficiency in cyber security incident response processes
Knowledge of AI tools for automating security tasks
Hands-on experience in incident response
Scripting experience (Bash, PowerShell, Python, Go) for incident response across multiple platforms
Familiarity with cybersecurity tools and software like NGFW, EDR, IDS/IPS, SIEM, etc.
Familiarity with MITRE ATT&CK Framework and/or Cyber Kill Chain
Proactive in exploring new technologies and enhancing team capabilities
Security-related certifications like Azure, AWS, CISSP, GCIH, GCIA, etc., are advantageous
Understanding of regulatory and compliance requirements like GDPR, MAS, PSD2 is a plus
Preferably:
Rapid learner with a proactive mindset
Strong team player with a collaborative approach
Eagerness to learn and willingness to go the extra mile
Strong sense of ownership, accountability, and urgency
Confidence in handling incidents and engaging with senior stakeholders
Insight into business considerations alongside technical decisions.
Head of Delivery Team
Type: Full-time
Company Overview: Ubiminds is a GPTW-certified company that focuses on partnering with American software product firms to enhance their development capabilities. The company specializes in selecting and integrating the top 5% talent from Brazil to support their LATAM strategy.
Responsibilities:
Leadership & Team Development:
Lead a team of Project Managers, fostering a culture of high-performance and goal-oriented mindset.
Support Project Managers in addressing challenges, enhancing client relationships, and ensuring alignment with company standards.
Identify areas for development within the team and promote continuous learning and growth.
Account Expansion & Business Growth: - Provide strategic guidance to clients, identifying avenues for expanding partnerships and increasing value through various solutions, such as staff augmentation or outsourcing.
Develop and execute strategies to drive revenue growth in existing accounts through position creation and enhanced service delivery.
Ensure account growth is coupled with high retention rates by prioritizing the satisfaction and performance of team members.
Collaborate with the Sales team on proposing new services based on client feedback and insights.
Delivery Excellence, Retention & Process Improvement:
Supervise project delivery across accounts to uphold performance, quality, and client satisfaction standards.
Ensure team members are supported and positioned for success within client teams.
Establish monitoring systems for performance and satisfaction to address challenges proactively.
Implement scalable processes and best practices to enhance operational efficiency.
Client Success & Relationship Management:
Cultivate strong relationships with senior stakeholders at client organizations.
Assist in navigating complex challenges, mediating conflicts, and positioning the company as a valued partner.
Address complex issues, offering solutions that align with client and company interests.
Cross-Functional Collaboration:
Collaborate with the Talent Acquisition team to align delivery capacity with growth objectives and retention strategies.
Partner with departments such as People and Sales for optimal hiring, onboarding, and employee experience.
Contribute insights and feedback to shape the company's broader strategic approach.
Requirements:
Fluency in English and Portuguese.
Previous experience leading project management, account management, or client success teams preferably in the tech, outsourcing, or staffing sector.
Demonstrated ability to drive revenue growth while maintaining strong retention rates.
Strong negotiation, relationship-building, and communication skills.
Problem-solving and conflict resolution skills.
Process-oriented with expertise in designing scalable frameworks.
Comfortable in a fast-paced, target-driven environment.
Proficiency in software development environments.
Company Culture:
People-focused environment promoting continuous improvement and teamwork.
Emphasis on taking challenges head-on with a positive attitude and commitment.
Delivering high-quality services and exceeding expectations is the norm.
Transparency, honesty, and openness are core values upheld by the company.
Perks and Benefits:
Engage with industry leaders in a dynamic and innovative work setting.
Benefit from a vast network of partners to support revenue generation.
Option to work remotely or at the office.
Provided with company-specific equipment.
Access to snacks, drinks, and community-building events.
Financial support for attending conferences and relevant industry events.