Posted on Dec 17, 2024
Head of Regional Security
Who We Are
At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.
OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.
Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.
OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.
Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.
About the Opportunity
Stay abreast of security technologies, global compliance standards, and regulatory requirements. Lead the organization's security technology implementation, compliance programs, and licensing initiatives across key jurisdictions. Direct the security architecture design, compliance certification processes, and license applications.
What You’ll Be Doing
-
Security Technology: Lead security architecture design and implementation. Guide deployment of security controls, monitoring systems, and incident response capabilities. Review and approve security solutions across cloud and infrastructure.
-
License Applications: Direct VASP licensing applications across global jurisdictions (Hong Kong, Singapore, Dubai, Europe etc.). Manage relationships with regulatory bodies. Ensure ongoing compliance with licensing requirements. Coordinate with legal and business teams for application processes.
-
Team Leadership: Build and lead security and compliance teams. Work with cross-functional stakeholders to implement security and compliance requirements. Report to senior management on security, compliance and licensing status.
-
Security Strategy & Governance:Develop and maintain enterprise security strategy, roadmaps and architectures aligned with business objectives. Establish security governance frameworks, policies, and standards across the organization. Lead security steering committee and provide regular security updates to board/executive management. Manage security budget, resource allocation and strategic vendor relationships. Define and track security metrics, KPIs and risk indicators
What We Look For In You
-
Multiple language capabilities, both chinese and english
-
10+ years experience in information security and compliance, with strong technical background
-
Deep understanding of security technologies: network security, cloud security, encryption, access controls, security monitoring
-
Extensive hands-on experience with security compliance frameworks (ISO 27001, SOC2, PCI-DSS)
-
Experience in cryptocurrency/blockchain industry licensing applications
-
Strong communication and leadership abilities
-
Results-oriented with ability to work under pressure
-
Professional certifications such as CISSP, CISM required
-
Bachelor's degree in Computer Science, Information Security or related field
-
Deep expertise in:
-
Application security (SAST/DAST/IAST)
-
Container and kubernetes security
-
Hardware security modules (HSM)
-
Secure software development lifecycle (SSDLC)
-
Identity and access management (IAM)
-
API security and microservices security
-
DDoS protection and WAF implementation
-
Security automation and orchestration (SOAR)
-
Threat hunting and incident response
-
Blockchain protocol security
-
Nice to Haves
-
Compliance Management: Lead and maintain security certifications including ISO 27001, SOC2, PCI-DSS. Develop security policies and ensure implementation meets global standards. Oversee internal security management system and controls.
-
Advanced degree in relevant field
-
Experience in cryptocurrency trading platforms
-
Direct experience obtaining VASP licenses in major jurisdictions
-
Understanding of global financial regulations and licensing requirements
-
Additional security or professional certifications
-
Experience working with regulatory bodies
-
Homomorphic encryption and zero-knowledge proofs
-
Advanced malware analysis and reverse engineering
-
Security architecture patterns for distributed systems
-
Cloud native security (ALIBABA CLOUD, AWS, Azure, GCP)
-
Security metrics and KPI development
-
Vendor security assessment frameworks
Perks & Benefits
-
Competitive total compensation package
-
L&D programs and Education subsidy for employees' growth and development
-
Various team building programs and company events
-
Wellness and meal allowances
-
Comprehensive healthcare schemes for employees and dependants
-
More that we love to tell you along the process!
OKX Statement
The base salary range for this position is $330,000 to $616,000. The salary offered depends on a variety of factors, including job-related knowledge, skills, experience, and market location. In addition to the salary, a performance bonus and long-term incentives may be provided as part of the compensation package, as well as a full range of medical, financial, and/or other benefits, dependent on the position offered. Applicants should apply via OKX internal or external careers site.
OKX is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, and non-job related physical or mental disability, or protected veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider employment-qualified applicants with arrest and conviction records.
#LI-HYBRID
#LI-ED1