OKX will be prioritising applicants who have a current right to work in Singapore and do not require OKX’s sponsorship of a visa.
Who We Are
At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual’s freedom. OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a brand trusted by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er. OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.
About the Team
The Tech Governance team is responsible for managing and mitigating data security risks posed within the organization. To identify the data security risks and enhance the company’s security management level, this team is responsible for the construction of the company’s data security management system, defining the identification of security risks, and driving the implementation of security governance solutions. This team is also accountable for compiling company data security management regulations/policies, optimising data security management processes, and operating the internal data governance platform.
About the Opportunity
Security breaches are the number one cause of death amongst digital currency companies. Security is core to our mission and has been a key competitive differentiator for us as we scale.
As a Security Engineer on the Technology Governance & Compliance team, you will lead and manage multiple initiatives to mature OKX security programs globally. You’ll also have an opportunity to pitch, lead and participate in cross-functional initiatives that uplevel the security of all OKX products and services. This role works horizontally across the business to provide guidance for the design and implementation of key security controls, tools and technologies.
Role Overview:
The Control Assurance Specialist is responsible for evaluating, monitoring, and ensuring the effectiveness of IT and security controls within the organization. This role works closely with internal and external auditors, as well as stakeholders across departments, to ensure compliance, identify weaknesses in control systems, and implement corrective actions. The Control Assurance Specialist also contributes to periodic self-assessments of controls to verify their efficiency and alignment with business objectives.
Roles and Responsibilities:
- Develop and maintain an assurance roadmap, ensuring comprehensive coverage of IT and security domains.
- Conduct assurance reviews to assess the effectiveness of IT/security controls against internal standards, industry best practice and regulatory requirements.
- Continuously monitor and evaluate the company’s security compliance status, proposing improvements.
- Identify areas for improvement and work with relevant stakeholders to implement remediation plans.
- Analyze and assess security and compliance gaps identified by internal and external audits.
- Create and maintain solutions that uphold continuous compliance with industry security standards and regulations (ISO27001, SOC 1/2, NIST, CIS benchmarks, SOX, etc.).
- Support tech governance and compliance initiatives, including those related to IPO readiness if applicable.
- Track remediation progress and regularly report to management on governance work effectiveness.
- Develop and refine IT governance-related policies and procedures (P&P), providing implementation guidance.
- Stay up-to-date on industry trends and best practices to drive continuous improvement of security compliance capabilities.
Key Qualifications
- At least 8 years of relevant work experience, including IT audit, risk management, compliance, and security governance within large internet enterprises, blockchain companies, fintech firms, or auditing firms.
- In-depth understanding of various IT security frameworks and audit standards, such as ISO 27001, COBIT, SOC 2, SOC 1, NIST, and SOX.
- Familiarity with relevant regulatory requirements, industry best practices, and data protection regulations (e.g., GDPR).
- One or more certifications, such as CISA, CISSP, CRISC, CISM, or equivalent qualifications, are highly desirable.
- Knowledge of cybersecurity, cloud security, IT infrastructure, and related IT operational processes (change management, incident response, etc.).
- Experience leading cross-functional initiatives with operational and technical teams.
- Proficiency in speaking, reading, and writing in both English and Mandarin to collaborate effectively with global and cross-functional team members.
- Familiarity with the risks and compliance challenges posed by emerging technologies (such as AI and blockchain) would be a plus.
- Experience with IPO readiness and related compliance requirements would be a plus.
Perks & Benefits
- Competitive total compensation package
- L&D programs and education subsidy for employees’ growth and development
- Various team building programs and company events
- Wellness and meal allowances
- Comprehensive healthcare schemes for employees and dependants
- More that we’d love to tell you about along the process!