Senior Technology and Security Risk Manager

div data-page-id= AEW3d0Y2noLuIcxROuFubTLpsZd data-docx-has-block-data= false div class= ace-line ace-line old-record-id-doxuseysYUio6Qia64JLLAwE7dh div data-page-id= doxusokjWsaOkSCIjzixAfRM3sd data-docx-has-block-data= false div class= ace-line ace-line old-record-id-doxusaUYeCmu82WSkkm5KDd00db div data-page-id= AEW3d0Y2noLuIcxROuFubTLpsZd data-docx-has-block-data= false h2 class= heading-2 ace-line old-record-id-doxuslsyQOGHoiYb47TiA1n51Th strong Who We Are /strong /h2 div class= ace-line ace-line old-record-id-doxusq2WnfR822THsuqUosdSzFu div class= ace-line ace-line old-record-id-QVdid8uopopw8HxPqJXuYeC7sHf div data-page-id= RpoEdRXrWoavx2xJ5CPu6mmysBc data-lark-html-role= root data-docx-has-block-data= false div class= ace-line ace-line old-record-id-RKOAdw3kVoh5EQxcr2juP3i0sTb div class= ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual s freedom. /div div class= ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb nbsp; /div div class= ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. nbsp; /div div class= ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb nbsp; /div div class= ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb Across our multiple offices globally, we are united by our core principles: nbsp; em We Before Me /em , nbsp; em Do the Right Thing /em , and nbsp; em Get Things Done /em . These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er. /div div class= ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb nbsp; /div div class= ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more. /div /div /div /div /div h2 class= heading-2 ace-line old-record-id-doxus9qcafz8J9vhi3nwZgrckWg strong About the Opportunity /strong /h2 div data-page-id= M2qXdhFX8okrEKxwOq9lguF6gCg data-lark-html-role= root data-docx-has-block-data= false div class= ace-line ace-line old-record-id-doxlg0si55RWdMvZybBmihpOfgd div data-page-id= Sb3zd9jEooAhdvxwIIhl024jgwc data-lark-html-role= root data-docx-has-block-data= false div class= ace-line ace-line old-record-id-TomjdYbxdo4vfYx88fhlCqG6gsg div data-page-id= Sb3zd9jEooAhdvxwIIhl024jgwc data-lark-html-role= root data-docx-has-block-data= false div class= ace-line ace-line old-record-id-TomjdYbxdo4vfYx88fhlCqG6gsg div data-page-id= ZaBpd7fv8oXkg7xx4n2lHJilgeh data-lark-html-role= root data-docx-has-block-data= false div class= ace-line ace-line old-record-id-doxlgsU0EobcO48hj8jyDeXTzqg We are seeking a highly motivated Technology and Security Risk Manager within the Second Line of Defence (2LOD). strong /strong You will be responsible for continuously refining and scaling the Technology and Security oversight program, guiding first-line of defence (1LOD) execution, and providing independent risk challenge. /div div class= ace-line ace-line old-record-id-doxlgdPPygBECeLk2qc2UC9E7bc You will be a key member of OKX s Risk team, helping to shape and scale the firm’s 2LOD Security amp; Data Risk programs. You’ll work closely with stakeholders including Engineering, Product, Risk, Compliance and Internal Audit. /div div class= ace-line ace-line old-record-id-doxlgqdacAhxQ2zpySO57ihKDYb You will play a key role in developing and implementing a comprehensive Technology and Security Risk Management program. This includes 2LOD oversight of technology defects, issues, and incidents, Risk and Control Self-Assessments (RCSA), key risk indicators (KRIs) and reporting. /div div class= ace-line ace-line old-record-id-doxlgsOOG9FDMTvsp8fSkxjIUVc The ideal candidate has a strong understanding of Technology Risk (including Technology Resilience, Change Management, SDLC, CI/CD pipeline, and software quality assurance) and Cybersecurity (covering internal and external threat vectors, control weaknesses, and organisational cyber hygiene). We are looking for a candidate with a strong drive for improvement and career growth. /div /div /div /div /div /div /div /div h2 class= heading-2 ace-line old-record-id-doxushHxPgvpIV0pJrijghkWDWe strong What You’ll Be Doing nbsp; /strong /h2 div data-page-id= M2qXdhFX8okrEKxwOq9lguF6gCg data-lark-html-role= root data-docx-has-block-data= false div data-page-id= Sb3zd9jEooAhdvxwIIhl024jgwc data-lark-html-role= root data-docx-has-block-data= false div data-page-id= Sb3zd9jEooAhdvxwIIhl024jgwc data-lark-html-role= root data-docx-has-block-data= false div data-page-id= ZaBpd7fv8oXkg7xx4n2lHJilgeh data-lark-html-role= root data-docx-has-block-data= false ul class= list-bullet1 li class= ace-line ace-line old-record-id-doxlgfKZEefzf1InQ072P0HQS1f data-list= bullet div Collaborate with internal stakeholders across the company to proactively identify, escalate, assess, and mitigate Technology and Security risks, ensuring adherence to the Technology Risk Policy. /div /li li class= ace-line ace-line old-record-id-doxlgsZiSfQqsi0hBmDh3AMwg2d data-list= bullet div Providing oversight of Technology and Security Risk incidents and issues, and partnering with 1LOD stakeholders to enhance related processes and ensure effective oversight /div /li li class= ace-line ace-line old-record-id-UA7vdfdT1ooEG7xsKwhlLuPcgFf data-list= bullet div Lead the Technology Risk and Control Self-Assessment (RCSA) process from a 2LOD perspective, ensuring adherence to the ERM RCSA methodology, and providing effective challenge and oversight of 1LOD Security risks and controls. /div /li li class= ace-line ace-line old-record-id-doxlgwOvgJt9auFoNJb8TUreSDe data-list= bullet div Support the Security Key Risk Indicators (KRIs) definition, monitoring, and reporting. /div /li li class= ace-line ace-line old-record-id-doxlgKBzunI6rbE68SHb1kEWqTf data-list= bullet div Supporting the implementation and ongoing enhancement of Governance, Risk, and Compliance (GRC) systems to enable effective risk oversight /div /li li class= ace-line ace-line old-record-id-doxlgib0VqiMtO3tJZcGEx428ib data-list= bullet div Advocate and support the implementation of Risk Management frameworks for technology stakeholders, serving as a trusted advisor for the first line. /div /li li class= ace-line ace-line old-record-id-doxlgR20KCCXfNro1RBenzu6r5b data-list= bullet div Stay up to date on emerging trends and regulations in the digital asset space, proactively identifying and addressing new risk considerations. /div /li /ul /div /div /div /div h2 class= heading-2 ace-line old-record-id-doxusWnZPeJsdMU53QGew90VQeh strong What We Look For In You nbsp; /strong /h2 div data-page-id= M2qXdhFX8okrEKxwOq9lguF6gCg data-lark-html-role= root data-docx-has-block-data= false div data-page-id= Sb3zd9jEooAhdvxwIIhl024jgwc data-lark-html-role= root data-docx-has-block-data= false div data-page-id= Sb3zd9jEooAhdvxwIIhl024jgwc data-lark-html-role= root data-docx-has-block-data= false div data-page-id= ZaBpd7fv8oXkg7xx4n2lHJilgeh data-lark-html-role= root data-docx-has-block-data= false ul class= list-bullet1 li class= ace-line ace-line old-record-id-Qxfxdhio1oLl7mxpahFlQtd7ghb data-list= bullet div Bachelor’s degree in Information Technology, Computer Science, or a related field /div /li li class= ace-line ace-line old-record-id-SkTPdsUeFoBLSNxxK9Gla6RbgQh data-list= bullet div Minimum 8+ years of experience in Cyber Risk or Information Security; experience in fintech, crypto, blockchain, or cloud-native environments is preferred /div /li li class= ace-line ace-line old-record-id-Yn8NdlIYyoJAboxSET9loytBg9g data-list= bullet div Strong understanding of core cybersecurity domains and tools /div /li li class= ace-line ace-line old-record-id-HYOKd3oOUo1wTIxaMVTlV8LEgvh data-list= bullet div Solid knowledge of cybersecurity and data risk frameworks and standards, including NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and data privacy and protection regulations (e.g., GDPR, PDPA) /div /li li class= ace-line ace-line old-record-id-GMMEdq7NyoLLOkxdYyYluxWSgLd data-list= bullet div Proven track record in project and stakeholder management, including independently conducting risk-control assessments, control testing, incident/issue management, and driving remediation efforts /div /li li class= ace-line ace-line old-record-id-FvAcdkNPvogfWixcIqKlGmZfgqb data-list= bullet div Experience working with Governance, Risk, and Compliance (GRC) platforms in a global or complex organizational setting /div /li li class= ace-line ace-line old-record-id-SDNPdYIzuojLenxjSAMlkcENgZP data-list= bullet div Excellent communication and presentation skills, with the ability to convey technical and risk concepts clearly to a range of audiences /div /li li class= ace-line ace-line old-record-id-JDdrd9atooGK4uxAbeVlEoNbgyh data-list= bullet div Strong interpersonal skills and the ability to collaborate effectively across functions and geographies /div /li li class= ace-line ace-line old-record-id-SVu7ddxKXoXfw0xaUINl91S3gcd data-list= bullet div Comfortable working in a dynamic, fast-paced environment, with a proactive mindset for piloting initiatives and refining them over time /div /li li class= ace-line ace-line old-record-id-RgmIdheCqonsyuxLULFlXIa4goh data-list= bullet div Relevant certifications such as CISSP, CEH, CISA, CISM, or other recognized cybersecurity qualifications /div /li /ul /div /div /div /div h2 strong Perks amp; Benefits nbsp; /strong /h2 ul class= list-bullet1 li class= ace-line ace-line old-record-id-doxusiGYu1NEN28tAL6MW6eR02f data-list= bullet div Competitive total compensation package /div /li li class= ace-line ace-line old-record-id-doxusZLAFVPrRYRGhGyO7FPPUGd data-list= bullet div L amp;D programs and Education subsidy for employees growth and development /div /li li class= ace-line ace-line old-record-id-doxusrrjMT56rfeOQd4cxtYfqud data-list= bullet div Various team building programs and company events /div /li li class= ace-line ace-line old-record-id-doxusPsLADLskP9mMcTuCM7Yf33 data-list= bullet div Wellness and meal allowances /div /li li class= ace-line ace-line old-record-id-doxus6Rf4OlpUSvh83zhfO3l9nK data-list= bullet div Comprehensive healthcare schemes for employees and dependants /div /li li More that we love to tell you along the process! /li /ul p class= p1 Disclaimer: Please note that Hong Kong is a group-level service hub, and OKX does not carry on a business of operating a virtual asset trading platform in Hong Kong. /p p class= p1 span style= color: rgb(255, 255, 255); #LI-CZ1 /span /p p class= p1 span style= color: rgb(255, 255, 255); #LI-ONSITE /span /p /div /div /div /div /div div class= content-conclusion div data-lark-html-role= root span class= text-only data-eleid= 18 span class= text-only span class= text-only data-eleid= 6 Notice: br /span /span /span div data-lark-html-role= root span class= text-only data-eleid= 26 span class= text-only All official /span span class= text-only text-with-abbreviation text-with-abbreviation-bottomline OKX /span span class= text-only vacancies are published on this website. /span /span span class= text-only data-eleid= 28 span class= text-only While roles may appear on selected third-party platforms from time to time, information on other sites may be inaccurate or outdated. /span /span strong span class= text-only data-eleid= 29 span class= text-only If in doubt, please apply directly through our official careers website. /span /span /strong /div /div div data-lark-html-role= root span class= text-only data-eleid= 18 span class= text-only Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to nbsp; /span span class= text-only text-with-abbreviation text-with-abbreviation-bottomline OKX /span span class= text-only s /span /span a class= link rich-text-anchor __anchor-intercept-flag__ text-content-link href= https://www.okx.com/en-eu/help/okx-candidate-privacy-notice target= _blank data-eleid= 19 data-lark-is-custom= true data-lark-link= true Candidate Privacy Notice /a span class= text-only data-eleid= 20 span class= text-only . /span /span /div /div