Tech Governance - Security Compliance & Governance Engineer

Who We Are
At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.
OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.
Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.

About the Opportunity
This is not a traditional GRC hire. The Tech Governance Office is looking for someone who combines the governance judgment of a seasoned compliance professional with the drive of a forward-deployed engineer — someone who closes gaps by shipping solutions, navigates ambiguity without hand-holding, and operates with the urgency of a startup and the rigour of a regulated financial institution.
You will own complex cross-functional workstreams independently — coordinating across Engineering, Legal, Product, and Finance — while managing external auditors and regulators. Strong written and verbal communication in both English and Mandarin is a meaningful advantage in this role. AI tooling is not optional; it is how you work.

Who You Are
Self-directed driver — You run cross-functional workstreams without being managed. Ambiguity is a starting point, not a blocker.
AI-native operator — You already use AI to do more, faster — and you raise the floor for the teams around you.
Clear communicator — You earn trust across regulators, auditors, and C-suite through precision and consistency — in any room.

Culture Fit
Pace: Startup velocity — Decisions move fast. Priorities shift. You ship, iterate, and adapt — without waiting for perfect conditions or top-down direction.
Standards: Financial institution rigour — Audit trails matter. Regulators scrutinise. The bar for accuracy, documentation, and accountability is institutional-grade — always.
The tension between these two is not a bug — it is the job. We are looking for someone who holds both without compromise.

What You’ll Be Doing
Independently lead audit remediation programmes — assess gaps, develop structured plans, and drive verified closure across engineering, product, legal, and operations without escalation dependency.
Own cross-functional governance workstreams — set milestones, coordinate accountability, and remove blockers across departments with limited management oversight.
Conduct IT security and architecture governance reviews — assess whether systems and processes meet applicable standards, and issue findings with clear ownership and remediation timelines.
Build and maintain the policy estate — draft, refine, and operationalise IT governance policies and procedures; translate regulatory requirements into implementation-ready guidance for first-line teams.
Lead regulator and auditor engagement — serve as the primary coordination interface for external audit and regulatory correspondence, representing the Tech Governance Office with credibility and precision.
Deploy AI to accelerate compliance operations — prototype and scale AI-assisted workflows for evidence collection, control monitoring, audit response, and policy generation; drive team-wide adoption.
Deliver Tech Governance-level reporting — produce governance dashboards and executive briefs on remediation status, risk exposure, and regulatory posture, independently and to publication standard.
Track the regulatory horizon — monitor evolving requirements across active jurisdictions, translate changes into prioritised internal action, and brief senior leadership proactively.

What We Look For In You
AI Adoption and Application — Must Have
Active daily use of AI tools to accelerate compliance and governance work — demonstrated practice with measurable output impact, not theoretical awareness.
Ability to identify, build, and scale AI-assisted workflows within a Tech Governance office context — evidence automation, policy generation, audit response, or control monitoring.
Working knowledge of AI governance and risk — sufficient to contribute to internal AI oversight frameworks and assess AI-related compliance obligations.
Independent Cross-Functional Leadership — Must Have
Demonstrated ability to own and drive complex, multi-stakeholder workstreams independently — setting direction, coordinating accountability, and delivering outcomes without management escalation.
Track record of influencing without authority across engineering, legal, finance, and operations in a fast-moving environment.
Comfortable operating under ambiguity and shifting priorities while maintaining institutional-grade standards for accuracy and documentation.
Experience
8+ years in IT audit, risk management, compliance, or security governance
3+ years leading governance programmes at a large-scale internet, financial services, or crypto firm
Exposure to IPO-readiness or high-scrutiny regulatory examination programmes preferred
Frameworks and Standards
ISO 27001, SOC 1/2, PCI-DSS, COBIT, NIST — deep working knowledge
GDPR and APAC data protection regimes
Crypto and blockchain-specific compliance risk awareness a strong asset
Engineering Sensibility
Able to read and interpret code, architecture diagrams, and technical design documents without engineer-translation dependency
Familiarity with cloud environments (Alibaba Cloud, AWS, GCP) and associated security tooling
Communication
Executive-level written and verbal communication in English — board-ready governance briefs, regulator responses, and Tech Governance-level reporting produced independently
Proficiency in Mandarin (written and verbal) is a strong advantage for APAC regulatory and stakeholder engagement

Preferred Qualifications
Professional security or governance certification: CISA · CISSP · CRISC · CISM · CCISO · Agentic AI
Experience building AI-powered compliance tooling — audit automation, continuous control monitoring, or policy-to-control mapping
Prior involvement in SOX ITGC, SEC Reg S-K Item 106, or equivalent listing-authority tech governance programmes
Crypto-native compliance exposure — Proof of Reserves, SAB 121, Travel Rule, AML/CFT programme governance
Active regulatory footprint across MAS, VARA, FCA, HKMA/SFC, or equivalent

Why This Role
OKX operates across 50+ jurisdictions with live regulatory programmes. The Tech Governance Office is building infrastructure-grade compliance capability — not checkbox compliance. This is a rare opportunity to shape how that work gets done: independently, at pace, and with AI at the centre of the method.

Perks and Benefits
Competitive total compensation package
L and D programs and Education subsidy for employees' growth and development
Various team building programs and company events
Wellness and meal allowances
Comprehensive healthcare schemes for employees and dependants
More that we love to tell you along the process!

OKX Statement:
OKX is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, and non-job related physical or mental disability, or protected veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Notice:
All official OKX vacancies are published on this website. While roles may appear on selected third-party platforms from time to time, information on other sites may be inaccurate or outdated. If in doubt, please apply directly through our official careers website.
Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to OKX's Candidate Privacy Notice.