Senior Technology and Security Risk Manager at OKX

<div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxuseysYUio6Qia64JLLAwE7dh"> <div data-page-id="doxusokjWsaOkSCIjzixAfRM3sd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxusaUYeCmu82WSkkm5KDd00db"> <div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <h2 class="heading-2 ace-line old-record-id-doxuslsyQOGHoiYb47TiA1n51Th"><strong>Who We Are</strong></h2> <div class="ace-line ace-line old-record-id-doxusq2WnfR822THsuqUosdSzFu"> <div class="ace-line ace-line old-record-id-QVdid8uopopw8HxPqJXuYeC7sHf"> <div data-page-id="RpoEdRXrWoavx2xJ5CPu6mmysBc" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-RKOAdw3kVoh5EQxcr2juP3i0sTb"> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.</div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">&nbsp;</div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.&nbsp;</div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">&nbsp;</div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">Across our multiple offices globally, we are united by our core principles:&nbsp;<em>We Before Me</em>,&nbsp;<em>Do the Right Thing</em>, and&nbsp;<em>Get Things Done</em>. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.</div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">&nbsp;</div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.</div> </div> </div> </div> </div> <h2 class="heading-2 ace-line old-record-id-doxus9qcafz8J9vhi3nwZgrckWg"><strong>About the Opportunity</strong></h2> <div data-page-id="M2qXdhFX8okrEKxwOq9lguF6gCg" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxlg0si55RWdMvZybBmihpOfgd"> <div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-TomjdYbxdo4vfYx88fhlCqG6gsg"> <div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-TomjdYbxdo4vfYx88fhlCqG6gsg"> <div data-page-id="ZaBpd7fv8oXkg7xx4n2lHJilgeh" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxlgsU0EobcO48hj8jyDeXTzqg">We are seeking a highly motivated Technology and Security Risk Manager within the Second Line of Defence (2LOD).<strong> </strong>You will be responsible for continuously refining and scaling the Technology and Security oversight program, guiding first-line of defence (1LOD) execution, and providing independent risk challenge.</div> <div class="ace-line ace-line old-record-id-doxlgdPPygBECeLk2qc2UC9E7bc">You will be a key member of OKX's Risk team, helping to shape and scale the firm’s 2LOD Security &amp; Data Risk programs. You’ll work closely with stakeholders including Engineering, Product, Risk, Compliance and Internal Audit.</div> <div class="ace-line ace-line old-record-id-doxlgqdacAhxQ2zpySO57ihKDYb">You will play a key role in developing and implementing a comprehensive Technology and Security Risk Management program. This includes 2LOD oversight of technology defects, issues, and incidents, Risk and Control Self-Assessments (RCSA), key risk indicators (KRIs) and reporting.</div> <div class="ace-line ace-line old-record-id-doxlgsOOG9FDMTvsp8fSkxjIUVc">The ideal candidate has a strong understanding of Technology Risk (including Technology Resilience, Change Management, SDLC, CI/CD pipeline, and software quality assurance) and Cybersecurity (covering internal and external threat vectors, control weaknesses, and organisational cyber hygiene). We are looking for a candidate with a strong drive for improvement and career growth.</div> </div> </div> </div> </div> </div> </div> </div> <h2 class="heading-2 ace-line old-record-id-doxushHxPgvpIV0pJrijghkWDWe"><strong>What You’ll Be Doing&nbsp;</strong></h2> <div data-page-id="M2qXdhFX8okrEKxwOq9lguF6gCg" data-lark-html-role="root" data-docx-has-block-data="false"> <div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false"> <div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false"> <div data-page-id="ZaBpd7fv8oXkg7xx4n2lHJilgeh" data-lark-html-role="root" data-docx-has-block-data="false"> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxlgfKZEefzf1InQ072P0HQS1f" data-list="bullet"> <div>Collaborate with internal stakeholders across the company to proactively identify, escalate, assess, and mitigate Technology and Security risks, ensuring adherence to the Technology Risk Policy.</div> </li> <li class="ace-line ace-line old-record-id-doxlgsZiSfQqsi0hBmDh3AMwg2d" data-list="bullet"> <div>Providing oversight of Technology and Security Risk incidents and issues, and partnering with 1LOD stakeholders to enhance related processes and ensure effective oversight</div> </li> <li class="ace-line ace-line old-record-id-UA7vdfdT1ooEG7xsKwhlLuPcgFf" data-list="bullet"> <div>Lead the Technology Risk and Control Self-Assessment (RCSA) process from a 2LOD perspective, ensuring adherence to the ERM RCSA methodology, and providing effective challenge and oversight of 1LOD Security risks and controls.</div> </li> <li class="ace-line ace-line old-record-id-doxlgwOvgJt9auFoNJb8TUreSDe" data-list="bullet"> <div>Support the Security Key Risk Indicators (KRIs) definition, monitoring, and reporting.</div> </li> <li class="ace-line ace-line old-record-id-doxlgKBzunI6rbE68SHb1kEWqTf" data-list="bullet"> <div>Supporting the implementation and ongoing enhancement of Governance, Risk, and Compliance (GRC) systems to enable effective risk oversight</div> </li> <li class="ace-line ace-line old-record-id-doxlgib0VqiMtO3tJZcGEx428ib" data-list="bullet"> <div>Advocate and support the implementation of Risk Management frameworks for technology stakeholders, serving as a trusted advisor for the first line.</div> </li> <li class="ace-line ace-line old-record-id-doxlgR20KCCXfNro1RBenzu6r5b" data-list="bullet"> <div>Stay up to date on emerging trends and regulations in the digital asset space, proactively identifying and addressing new risk considerations.</div> </li> </ul> </div> </div> </div> </div> <h2 class="heading-2 ace-line old-record-id-doxusWnZPeJsdMU53QGew90VQeh"><strong>What We Look For In You&nbsp;</strong></h2> <div data-page-id="M2qXdhFX8okrEKxwOq9lguF6gCg" data-lark-html-role="root" data-docx-has-block-data="false"> <div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false"> <div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false"> <div data-page-id="ZaBpd7fv8oXkg7xx4n2lHJilgeh" data-lark-html-role="root" data-docx-has-block-data="false"> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-Qxfxdhio1oLl7mxpahFlQtd7ghb" data-list="bullet"> <div>Bachelor’s degree in Information Technology, Computer Science, or a related field</div> </li> <li class="ace-line ace-line old-record-id-SkTPdsUeFoBLSNxxK9Gla6RbgQh" data-list="bullet"> <div>Minimum 8+ years of experience in Cyber Risk or Information Security; experience in fintech, crypto, blockchain, or cloud-native environments is preferred</div> </li> <li class="ace-line ace-line old-record-id-Yn8NdlIYyoJAboxSET9loytBg9g" data-list="bullet"> <div>Strong understanding of core cybersecurity domains and tools</div> </li> <li class="ace-line ace-line old-record-id-HYOKd3oOUo1wTIxaMVTlV8LEgvh" data-list="bullet"> <div>Solid knowledge of cybersecurity and data risk frameworks and standards, including NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and data privacy and protection regulations (e.g., GDPR, PDPA)</div> </li> <li class="ace-line ace-line old-record-id-GMMEdq7NyoLLOkxdYyYluxWSgLd" data-list="bullet"> <div>Proven track record in project and stakeholder management, including independently conducting risk-control assessments, control testing, incident/issue management, and driving remediation efforts</div> </li> <li class="ace-line ace-line old-record-id-FvAcdkNPvogfWixcIqKlGmZfgqb" data-list="bullet"> <div>Experience working with Governance, Risk, and Compliance (GRC) platforms in a global or complex organizational setting</div> </li> <li class="ace-line ace-line old-record-id-SDNPdYIzuojLenxjSAMlkcENgZP" data-list="bullet"> <div>Excellent communication and presentation skills, with the ability to convey technical and risk concepts clearly to a range of audiences</div> </li> <li class="ace-line ace-line old-record-id-JDdrd9atooGK4uxAbeVlEoNbgyh" data-list="bullet"> <div>Strong interpersonal skills and the ability to collaborate effectively across functions and geographies</div> </li> <li class="ace-line ace-line old-record-id-SVu7ddxKXoXfw0xaUINl91S3gcd" data-list="bullet"> <div>Comfortable working in a dynamic, fast-paced environment, with a proactive mindset for piloting initiatives and refining them over time</div> </li> <li class="ace-line ace-line old-record-id-RgmIdheCqonsyuxLULFlXIa4goh" data-list="bullet"> <div>Relevant certifications such as CISSP, CEH, CISA, CISM, or other recognized cybersecurity qualifications</div> </li> </ul> </div> </div> </div> </div> <h2><strong>Perks &amp; Benefits&nbsp;</strong></h2> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxusiGYu1NEN28tAL6MW6eR02f" data-list="bullet"> <div>Competitive total compensation package</div> </li> <li class="ace-line ace-line old-record-id-doxusZLAFVPrRYRGhGyO7FPPUGd" data-list="bullet"> <div>L&amp;D programs and Education subsidy for employees' growth and development</div> </li> <li class="ace-line ace-line old-record-id-doxusrrjMT56rfeOQd4cxtYfqud" data-list="bullet"> <div>Various team building programs and company events</div> </li> <li class="ace-line ace-line old-record-id-doxusPsLADLskP9mMcTuCM7Yf33" data-list="bullet"> <div>Wellness and meal allowances</div> </li> <li class="ace-line ace-line old-record-id-doxus6Rf4OlpUSvh83zhfO3l9nK" data-list="bullet"> <div>Comprehensive healthcare schemes for employees and dependants</div> </li> <li>More that we love to tell you along the process!</li> </ul> <p class="p1">Disclaimer: Please note that Hong Kong is a group-level service hub, and OKX does not carry on a business of operating a virtual asset trading platform in Hong Kong.</p> <p class="p1"><span style="color: rgb(255, 255, 255);">#LI-CZ1</span></p> <p class="p1"><span style="color: rgb(255, 255, 255);">#LI-ONSITE</span></p> </div> </div> </div> </div> </div><div class="content-conclusion"><div data-lark-html-role="root"><span class="text-only" data-eleid="18"><span class="text-only"><span class="text-only" data-eleid="6">Notice:<br></span></span></span> <div data-lark-html-role="root"><span class="text-only" data-eleid="26"><span class="text-only">All official </span><span class="text-only text-with-abbreviation text-with-abbreviation-bottomline">OKX</span><span class="text-only"> vacancies are published on this website.</span></span> <span class="text-only" data-eleid="28"><span class="text-only">While roles may appear on selected third-party platforms from time to time, information on other sites may be inaccurate or outdated. </span></span><strong><span class="text-only" data-eleid="29"><span class="text-only">If in doubt, please apply directly through our official careers website.</span></span></strong></div> </div> <div data-lark-html-role="root"><span class="text-only" data-eleid="18"><span class="text-only">Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to&nbsp;</span><span class="text-only text-with-abbreviation text-with-abbreviation-bottomline">OKX</span><span class="text-only">'s </span></span><a class="link rich-text-anchor __anchor-intercept-flag__ text-content-link" href="https://www.okx.com/en-eu/help/okx-candidate-privacy-notice" target="_blank" data-eleid="19" data-lark-is-custom="true" data-lark-link="true">Candidate Privacy Notice</a><span class="text-only" data-eleid="20"><span class="text-only">.</span></span></div></div>