Who We Are
At OKX, we believe the future will be reshaped by technology. Founded in 2017, we are revolutionising world systems through our cutting-edge digital asset exchange, Web3 portal and blockchain ecosystems. We reshape the financial ecosystem by offering some of the most diverse and sophisticated products, solutions, and trading tools on the market. Trusted by more than 50 million users in over 180 countries globally, OKX empowers every individual to explore the world of Web3. With our extensive range of products and services, and unwavering commitment to innovation, OKX envisions a world of financial access backed by blockchain and the power of decentralized finance.
We are innovative in the way we think, work, and in the products we create. We are also socially responsible by actively participating and encouraging employees to take part in various public welfare activities. With more than 3,000 employees around the world, we believe embracing diversity and inclusion will spark the creation of long-term value for the industry. Come Build the Future with Us now!
About the Team
The Technology Governance team provides security advice and guidance to OKX entities across all coverage areas, including global locations support business growth by working with all teams within the company to help them achieve their goals. This team works closely with compliance and legal teams to interpret global requirements for applying for licensing or any regional requirements, and understanding them.
About the Opportunity
Security breaches are the number one cause of death amongst digital currency companies. Security is the core to our mission and has been a key competitive differentiator for us as we scale
As a Security Engineer on the Technology Governance & Compliance team, you will lead and manage multiple initiatives to mature OKX security programs globally. You’ll also have an opportunity to pitch, lead and participate in cross-functional initiatives that uplevel the security of all OKX products and services. This role works horizontally across the business to provide guidance for the design and implementation of key security controls, tools and technologies.
What You'll Be Doing
-
Analyze and assess security and compliance gaps identified by internal and external audits.
-
Develop and execute remediation plans and solutions for audit findings.
-
Coordinate with relevant departments to implement problem fixes and governance measures.
-
Conduct IT security and architecture governance to ensure systems and processes comply with relevant standards and regulations.
-
Track remediation progress and regularly report to management on governance work progress and effectiveness.
-
Develop and refine IT governance-related policies and procedures (P&P), and provide implementation guidance.
-
Communicate effectively with external auditors and regulators, coordinating audit work.
-
Continuously monitor and evaluate the company's security compliance status, proposing improvement suggestions.
-
Stay up-to-date on industry trends and best practices to drive continuous improvement of the company's security compliance capabilities.
What We Look For In You
-
At least 8 years of relevant work experience, including IT audit, risk management, compliance, and security governance.
-
In-depth understanding of various audit standards such as ISO 27001, COBIT, SOC2, SOC1, PCI-DSS, and NIST.
-
Familiarity with relevant laws and regulations, including industry-specific norms and data protection regulations (e.g., GDPR).
-
Excellent project management skills, able to manage multiple complex audit finding remediation plans simultaneously.
-
Outstanding communication and coordination abilities, capable of effectively interacting with stakeholders at all levels and promoting cross-departmental cooperation.
-
Strong analytical and problem-solving skills, able to handle complex security compliance challenges.
-
At least 3 years of experience in IT process governance and technology governance projects within large internet enterprises.
-
Familiarity with specific risks and compliance requirements in large internet enterprises or blockchain companies.
-
Adaptability and flexibility to work in a rapidly changing technological and regulatory environment.
-
Knowledge of cyber security / cloud security / coding and related processes, such as change management, incident response processes, tracing processes, computer forensics processes, etc.
Nice to Haves
-
One or more of the following certifications: CISA, CISSP, CRISC, CISM, or equivalent qualifications
-
Have knowledge of Alibaba Cloud, AWS, GCP, and their related services.(e.g., SLS/DMS)
-
Familiarity with risks and compliance challenges brought by emerging technologies (such as AI, blockchain)
-
Experience in successfully participating in large-scale security compliance remediation projects.
-
Fluent in both Chinese and English, with excellent oral and written communication skills.
Perks & Benefits
-
Competitive total compensation package.
-
L&D programs and Education subsidy for employees' growth and development.
-
Various team building programs and company events.
-
Wellness and meal allowances.
-
Comprehensive healthcare schemes for employees and dependants .
-
More that we love to tell you along the process!