Posted on Dec 17, 2024
Security Compliance & Governance Engineer
OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa
Who We Are
At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom. OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a brand trusted by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er. OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.
About the Team
The Technology Governance team provides security advice and guidance to OKX entities across all coverage areas, including global locations, and supports business growth by working with all teams within the company to help them achieve their goals. This team works closely with compliance and legal teams to interpret and understand global requirements for licensing applications and any regional requirements.
About the Opportunity
Stay abreast of the latest developments in laws, regulations, policies, and information security standards related to Network Security, Data Security, and Data Protection. Ensure timely updates and maintenance of the internal information security management system. Apply for information security certifications such as ISO 27001, SOC, and PCI for our products. Advocate for and oversee the implementation of security compliance and privacy protection requirements. Promptly address and rectify any non-compliant items. Validate and verify that the organization's security controls meet industry requirements. Conduct thorough examinations of processes, systems, policies, procedures, network diagrams, and system configurations. Monitor business activities through collaborating with cross-functional team leaders to guarantee ongoing compliance with external certifications.
What You'll Be Doing
- Analyze and assess security and compliance gaps identified by internal and external audits.
- Develop and execute remediation plans and solutions for audit findings.
- Coordinate with relevant departments to implement problem fixes and governance measures.
- Conduct IT security and architecture governance to ensure systems and processes comply with relevant standards and regulations.
- Track remediation progress and regularly report to management on governance work progress and effectiveness.
- Develop and refine IT governance-related policies and procedures (P&P), and provide implementation guidance.
- Communicate effectively with external auditors and regulators, coordinating audit work.
- Continuously monitor and evaluate the company's security compliance status, proposing improvement suggestions.
- Stay up-to-date on industry trends and best practices to drive continuous improvement of the company's security compliance capabilities.
What We Look For In You
- At least 8 years of relevant work experience, including IT audit, risk management, compliance, and security governance.
- In-depth understanding of various audit standards such as ISO 27001, COBIT, SOC2, SOC1, PCI-DSS, and NIST.
- Familiarity with relevant laws and regulations, including industry-specific norms and data protection regulations (e.g., GDPR).
- Excellent project management skills, able to manage multiple complex audit finding remediation plans simultaneously.
- Outstanding communication and coordination abilities, capable of effectively interacting with stakeholders at all levels and promoting cross-departmental cooperation.
- Strong analytical and problem-solving skills, able to handle complex security compliance challenges.
- At least 3 years of experience in IT process governance and technology governance projects within large internet enterprises.
- Familiarity with specific risks and compliance requirements in large internet enterprises or blockchain companies.
- Adaptability and flexibility to work in a rapidly changing technological and regulatory environment.
- Knowledge of cyber security / cloud security / coding and related processes, such as change management, incident response processes, tracing processes, computer forensics processes, etc.
Nice to Haves
- One or more of the following certifications: CISA, CISSP, CRISC, CISM, or equivalent qualifications.
- Knowledge of Alibaba Cloud, AWS, GCP, and their related services (e.g. SLS/DMS).
- Familiarity with risks and compliance challenges brought by emerging technologies (such as AI, blockchain).
- Experience in successfully participating in large-scale security compliance remediation projects.
- Fluent in both Chinese and English, with excellent oral and written communication skills.
Perks & Benefits
- Competitive total compensation package.
- L&D programs and education subsidy for employees' growth and development.
- Various team building programs and company events.
- Wellness and meal allowances.
- Comprehensive healthcare schemes for employees and dependants.
- More that we would love to tell you about during the process!