Senior Technology and Security Risk Manager at OKX
Singapore, SingaporeFull-timeRiskPosted about 2 months ago
About the Role
<div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false">
<div class="ace-line ace-line old-record-id-doxuseysYUio6Qia64JLLAwE7dh">
<div data-page-id="doxusokjWsaOkSCIjzixAfRM3sd" data-docx-has-block-data="false">
<div class="ace-line ace-line old-record-id-doxusaUYeCmu82WSkkm5KDd00db">
<div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false">
<h2 class="heading-2 ace-line old-record-id-doxuslsyQOGHoiYb47TiA1n51Th"><strong>Who We Are</strong></h2>
<div class="ace-line ace-line old-record-id-doxusq2WnfR822THsuqUosdSzFu">
<div class="ace-line ace-line old-record-id-QVdid8uopopw8HxPqJXuYeC7sHf">
<div data-page-id="RpoEdRXrWoavx2xJ5CPu6mmysBc" data-lark-html-role="root" data-docx-has-block-data="false">
<div class="ace-line ace-line old-record-id-RKOAdw3kVoh5EQxcr2juP3i0sTb">
<div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.</div>
<div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb"> </div>
<div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. </div>
<div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb"> </div>
<div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">Across our multiple offices globally, we are united by our core principles: <em>We Before Me</em>, <em>Do the Right Thing</em>, and <em>Get Things Done</em>. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.</div>
<div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb"> </div>
<div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.</div>
<div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb"> </div>
<div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb">
<h2 class="heading-2 ace-line old-record-id-doxus9qcafz8J9vhi3nwZgrckWg"><strong>About the Opportunity</strong></h2>
<div data-page-id="M2qXdhFX8okrEKxwOq9lguF6gCg" data-lark-html-role="root" data-docx-has-block-data="false">
<div class="ace-line ace-line old-record-id-doxlg0si55RWdMvZybBmihpOfgd">
<div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false">
<div class="ace-line ace-line old-record-id-TomjdYbxdo4vfYx88fhlCqG6gsg">
<div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false">
<div class="ace-line ace-line old-record-id-TomjdYbxdo4vfYx88fhlCqG6gsg">
<div data-page-id="ZaBpd7fv8oXkg7xx4n2lHJilgeh" data-lark-html-role="root" data-docx-has-block-data="false">
<div class="ace-line ace-line old-record-id-doxlgsU0EobcO48hj8jyDeXTzqg">We are seeking a highly motivated Technology and Security Risk Manager within the Second Line of Defence (2LOD).<strong> </strong>You will be responsible for continuously refining and scaling the Technology and Security oversight program, guiding first-line of defence (1LOD) execution, and providing independent risk challenge.</div>
<div class="ace-line ace-line old-record-id-doxlgdPPygBECeLk2qc2UC9E7bc">You will be a key member of OKX's Risk team, helping to shape and scale the firm’s 2LOD Security & Data Risk programs. You’ll work closely with stakeholders including Engineering, Product, Risk, Compliance and Internal Audit.</div>
<div class="ace-line ace-line old-record-id-doxlgqdacAhxQ2zpySO57ihKDYb">You will play a key role in developing and implementing a comprehensive Technology and Security Risk Management program. This includes 2LOD oversight of technology defects, issues, and incidents, Risk and Control Self-Assessments (RCSA), key risk indicators (KRIs) and reporting.</div>
<div class="ace-line ace-line old-record-id-doxlgsOOG9FDMTvsp8fSkxjIUVc">The ideal candidate has a strong understanding of Technology Risk (including Technology Resilience, Change Management, SDLC, CI/CD pipeline, and software quality assurance) and Cybersecurity (covering internal and external threat vectors, control weaknesses, and organisational cyber hygiene). We are looking for a candidate with a strong drive for improvement and career growth.</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<h2 class="heading-2 ace-line old-record-id-doxushHxPgvpIV0pJrijghkWDWe"><strong>What You’ll Be Doing </strong></h2>
<div data-page-id="M2qXdhFX8okrEKxwOq9lguF6gCg" data-lark-html-role="root" data-docx-has-block-data="false">
<div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false">
<div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false">
<div data-page-id="ZaBpd7fv8oXkg7xx4n2lHJilgeh" data-lark-html-role="root" data-docx-has-block-data="false">
<ul class="list-bullet1">
<li class="ace-line ace-line old-record-id-doxlgfKZEefzf1InQ072P0HQS1f" data-list="bullet">
<div>Collaborate with internal stakeholders across the company to proactively identify, escalate, assess, and mitigate Technology and Security risks, ensuring adherence to the Technology Risk Policy.</div>
</li>
<li class="ace-line ace-line old-record-id-doxlgsZiSfQqsi0hBmDh3AMwg2d" data-list="bullet">
<div>Providing oversight of Technology and Security Risk incidents and issues, and partnering with 1LOD stakeholders to enhance related processes and ensure effective oversight</div>
</li>
<li class="ace-line ace-line old-record-id-UA7vdfdT1ooEG7xsKwhlLuPcgFf" data-list="bullet">
<div>Lead the Technology Risk and Control Self-Assessment (RCSA) process from a 2LOD perspective, ensuring adherence to the ERM RCSA methodology, and providing effective challenge and oversight of 1LOD Security risks and controls.</div>
</li>
<li class="ace-line ace-line old-record-id-doxlgwOvgJt9auFoNJb8TUreSDe" data-list="bullet">
<div>Support the Security Key Risk Indicators (KRIs) definition, monitoring, and reporting.</div>
</li>
<li class="ace-line ace-line old-record-id-doxlgKBzunI6rbE68SHb1kEWqTf" data-list="bullet">
<div>Supporting the implementation and ongoing enhancement of Governance, Risk, and Compliance (GRC) systems to enable effective risk oversight</div>
</li>
<li class="ace-line ace-line old-record-id-doxlgib0VqiMtO3tJZcGEx428ib" data-list="bullet">
<div>Advocate and support the implementation of Risk Management frameworks for technology stakeholders, serving as a trusted advisor for the first line.</div>
</li>
<li class="ace-line ace-line old-record-id-doxlgR20KCCXfNro1RBenzu6r5b" data-list="bullet">
<div>Stay up to date on emerging trends and regulations in the digital asset space, proactively identifying and addressing new risk considerations.</div>
</li>
</ul>
</div>
</div>
</div>
</div>
<h2 class="heading-2 ace-line old-record-id-doxusWnZPeJsdMU53QGew90VQeh"><strong>What We Look For In You </strong></h2>
<div data-page-id="M2qXdhFX8okrEKxwOq9lguF6gCg" data-lark-html-role="root" data-docx-has-block-data="false">
<div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false">
<div data-page-id="Sb3zd9jEooAhdvxwIIhl024jgwc" data-lark-html-role="root" data-docx-has-block-data="false">
<div data-page-id="ZaBpd7fv8oXkg7xx4n2lHJilgeh" data-lark-html-role="root" data-docx-has-block-data="false">
<ul class="list-bullet1">
<li class="ace-line ace-line old-record-id-Qxfxdhio1oLl7mxpahFlQtd7ghb" data-list="bullet">
<div>Bachelor’s degree in Information Technology, Computer Science, or a related field</div>
</li>
<li class="ace-line ace-line old-record-id-SkTPdsUeFoBLSNxxK9Gla6RbgQh" data-list="bullet">
<div>Minimum 8+ years of experience in Cyber Risk or Information Security; experience in fintech, crypto, blockchain, or cloud-native environments is preferred</div>
</li>
<li class="ace-line ace-line old-record-id-Yn8NdlIYyoJAboxSET9loytBg9g" data-list="bullet">
<div>Strong understanding of core cybersecurity domains and tools</div>
</li>
<li class="ace-line ace-line old-record-id-HYOKd3oOUo1wTIxaMVTlV8LEgvh" data-list="bullet">
<div>Solid knowledge of cybersecurity and data risk frameworks and standards, including NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and data privacy and protection regulations (e.g., GDPR, PDPA)</div>
</li>
<li class="ace-line ace-line old-record-id-GMMEdq7NyoLLOkxdYyYluxWSgLd" data-list="bullet">
<div>Proven track record in project and stakeholder management, including independently conducting risk-control assessments, control testing, incident/issue management, and driving remediation efforts</div>
</li>
<li class="ace-line ace-line old-record-id-FvAcdkNPvogfWixcIqKlGmZfgqb" data-list="bullet">
<div>Experience working with Governance, Risk, and Compliance (GRC) platforms in a global or complex organizational setting</div>
</li>
<li class="ace-line ace-line old-record-id-SDNPdYIzuojLenxjSAMlkcENgZP" data-list="bullet">
<div>Excellent communication and presentation skills, with the ability to convey technical and risk concepts clearly to a range of audiences</div>
</li>
<li class="ace-line ace-line old-record-id-JDdrd9atooGK4uxAbeVlEoNbgyh" data-list="bullet">
<div>Strong interpersonal skills and the ability to collaborate effectively across functions and geographies</div>
</li>
<li class="ace-line ace-line old-record-id-SVu7ddxKXoXfw0xaUINl91S3gcd" data-list="bullet">
<div>Comfortable working in a dynamic, fast-paced environment, with a proactive mindset for piloting initiatives and refining them over time</div>
</li>
<li class="ace-line ace-line old-record-id-RgmIdheCqonsyuxLULFlXIa4goh" data-list="bullet">
<div>Relevant certifications such as CISSP, CEH, CISA, CISM, or other recognized cybersecurity qualifications</div>
</li>
</ul>
</div>
</div>
</div>
</div>
<h2 class="heading-2 ace-line old-record-id-doxus9qcafz8J9vhi3nwZgrckWg"><strong>Perks & Benefits </strong></h2>
</div>
</div>
</div>
</div>
</div>
<ul class="list-bullet1">
<li class="ace-line ace-line old-record-id-doxusiGYu1NEN28tAL6MW6eR02f" data-list="bullet">
<div>Competitive total compensation package</div>
</li>
<li class="ace-line ace-line old-record-id-doxusZLAFVPrRYRGhGyO7FPPUGd" data-list="bullet">
<div>L&D programs and Education subsidy for employees' growth and development</div>
</li>
<li class="ace-line ace-line old-record-id-doxusrrjMT56rfeOQd4cxtYfqud" data-list="bullet">
<div>Various team building programs and company events</div>
</li>
<li class="ace-line ace-line old-record-id-doxusPsLADLskP9mMcTuCM7Yf33" data-list="bullet">
<div>Wellness and meal allowances</div>
</li>
<li class="ace-line ace-line old-record-id-doxus6Rf4OlpUSvh83zhfO3l9nK" data-list="bullet">
<div>Comprehensive healthcare schemes for employees and dependants</div>
</li>
<li>More that we love to tell you along the process!</li>
</ul>
<p class="p1"><span style="color: rgb(255, 255, 255);">#LI-CZ1</span></p>
<p class="p1"><span style="color: rgb(255, 255, 255);">#LI-ONSITE</span></p>
</div>
</div>
</div>
</div>
</div><div class="content-conclusion"><div data-lark-html-role="root"><span class="text-only" data-eleid="18"><span class="text-only"><span class="text-only" data-eleid="6">Notice:<br></span></span></span>
<div data-lark-html-role="root"><span class="text-only" data-eleid="26"><span class="text-only">All official </span><span class="text-only text-with-abbreviation text-with-abbreviation-bottomline">OKX</span><span class="text-only"> vacancies are published on this website.</span></span> <span class="text-only" data-eleid="28"><span class="text-only">While roles may appear on selected third-party platforms from time to time, information on other sites may be inaccurate or outdated. </span></span><strong><span class="text-only" data-eleid="29"><span class="text-only">If in doubt, please apply directly through our official careers website.</span></span></strong></div>
</div>
<div data-lark-html-role="root"><span class="text-only" data-eleid="18"><span class="text-only">Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to </span><span class="text-only text-with-abbreviation text-with-abbreviation-bottomline">OKX</span><span class="text-only">'s </span></span><a class="link rich-text-anchor __anchor-intercept-flag__ text-content-link" href="https://www.okx.com/en-eu/help/okx-candidate-privacy-notice" target="_blank" data-eleid="19" data-lark-is-custom="true" data-lark-link="true">Candidate Privacy Notice</a><span class="text-only" data-eleid="20"><span class="text-only">.</span></span></div></div>
Related Roles
Senior Model Risk Quant Manager (FinCrime AML)
OKX
Hong Kong, Hong Kong SARSenior Model Risk Quant Manager (FinCrime AML)
OKX
Hong Kong, Hong Kong SAR; Singapore, SingaporeSenior Market Risk Manager - HongKong
OKX
Hong Kong, Hong Kong SARSenior Technology and Security Risk Manager
OKX
Hong Kong, Hong Kong SARSenior Operations Manager, P2P
OKX
Hong Kong, Hong Kong SARFraud Risk Strategy Expert
OKX
Singapore, Singapore