ERM Director

<div class="content-intro"><p><strong>About Us</strong></p> <div data-page-id="HladdPLXIoNz4nxkqkCuk4rAs8v" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-XCikdRR2xoZIjdxtCKcuOflrs8d">Established in 2018, Bybit is one of the world’s leading cryptocurrency exchanges and digital financial platforms, serving over 80 million users across more than 200 countries and regions. Powered by world-class technology and a user-first mindset, Bybit delivers a seamless ecosystem across trading, payments, wealth management, custody, institutional services, and Web3 — connecting users to the future of digital finance.</div> <div class="ace-line ace-line old-record-id-IF06dI0MPoBwYfxbZ4zui13HsoC">&nbsp;</div> <div class="ace-line ace-line old-record-id-X5EbdOwvMoYuOmxQBbuueUEDsDd">Our core values define how we build. We listen, care and improve to create products and experiences that put users first. Backed by a global team of ambitious builders, problem-solvers, and innovators, we foster a high-performance and fast-moving environment where talent is empowered to drive real impact at the global scale. Supported by 24/7 multilingual customer service and a strong commitment to innovation, we are shaping the future of finance through technology, collaboration, and bold execution.</div> <div class="ace-line ace-line old-record-id-LtVud2dO7oglqJxxZoOucqjJsPc">&nbsp;</div> <div class="ace-line ace-line old-record-id-RMHkdm4bPo66l3xMVO8ui1o8sle">Today, Bybit is recognized as one of the most trusted and transparent platforms in the digital asset industry, continuing to expand its global presence while building the infrastructure for the next generation of financial services.</div> </div></div><div data-page-id="PRHkdl5XMoyOAKxwiKBuAKpasmb" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-LDZvdHxtgo5Eh7xCWGluYUt9sRd">We are seeking a highly experienced and capable <strong>Enterprise Risk Management (ERM) Lead</strong> to establish and lead the second-line enterprise risk function for Bybit. This role is responsible for designing and maintaining the ERM framework, providing independent second-line oversight across financial and non-financial risks, and ensuring alignment with global regulatory expectations applicable to cryptocurrency exchanges.</div> <div class="ace-line ace-line old-record-id-LxT0dUL0NocTyvxVRThuZmEYsxb">The role will focus on strengthening risk governance, risk appetite articulation, risk identification and monitoring, and regulatory-facing risk capabilities.</div> <div class="ace-line ace-line old-record-id-SBl9dOF27oj8w1xKRhyuW8YVsWi">This position serves as a key interface with regulators and group-level risk teams and plays a critical role in supporting Bybit’s sustainable growth and regulatory readiness.</div> <div class="ace-line ace-line old-record-id-TIIZdXylEoWHD2xHvhYuxuiosFK">This position reports to the Global Head of Internal Audit and Enterprise Risk.</div> <h2 class="heading-2 ace-line old-record-id-UogOdH3U9osONjxGyQPuqLl0sCh">Responsibilities</h2> <h3 class="heading-3 ace-line old-record-id-C7Kldy7MQo7kGUxOPwaupwTisGg">ERM Framework &amp; Governance</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-HFUFduRCbo2R9Sxq1UquY5WlsYg" data-list="bullet"> <div>Lead the establishment and ongoing enhancement of the group-wide ERM framework, acting as the second-line owner of ERM.</div> </li> <li class="ace-line ace-line old-record-id-LGFcdPPh4oaa9ExpGZtuxwsusph" data-list="bullet"> <div>Design and enhance risk governance structures, policies, and standards in alignment with <strong>COSO ERM</strong>, <strong>ISO 31000</strong>, and relevant regulatory requirements.</div> </li> <li class="ace-line ace-line old-record-id-IrbNd40a1oQcb3xNejDuOF36sNg" data-list="bullet"> <div>Develop and maintain risk taxonomy, risk classification standards, and risk appetite statements to ensure consistency across regions and business units.</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-LlDCd9lNKoSfRfxeKzMuvvRgsYc">Enterprise Risk Identification &amp; Monitoring</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-JEJQd8UGio2h8lxX2D8u6mUjscT" data-list="bullet"> <div>Coordinate the identification and assessment of enterprise-wide risks across regions and BUs, covering both financial and non-financial risk domains.</div> </li> <li class="ace-line ace-line old-record-id-PIp8dbvrEoxn5wxHzAou1VajsIg" data-list="bullet"> <div>Work collaboratively with first-line and second-line functions (e.g. Finance, Security, Legal and Compliance, and group-level risk teams) to ensure <strong>appropriate and sufficient risk mitigation and monitoring measures</strong> are in place.</div> </li> <li class="ace-line ace-line old-record-id-H2Z4dR09koE0zKxmIVyuqJDmsrc" data-list="bullet"> <div>Ensure risk identification, assessment, and monitoring approaches are <strong>consistent, proportionate, and aligned</strong> with Bybit’s approved risk appetite, strategic objectives, and regulatory expectations.</div> </li> <li class="ace-line ace-line old-record-id-RMDTd0Y93o9C7axIAAwudx8esjc" data-list="bullet"> <div>Maintain the enterprise <strong>Risk Register</strong>, and associated risk and control logs covering all material financial and non-financial risks across the business.</div> </li> </ul> <h2 class="heading-2 ace-line old-record-id-AbL3dIyGio1fvFxso9UuCwGFsnR">Risk Advisory, Monitoring &amp; Reporting</h2> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-AnYLdN50JoUDRwxSKAauw43LsWh" data-list="bullet"> <div>Act as a central <strong>risk advisory function</strong> on specific risk topics (e.g. third-party and outsourcing risks, liquidity risk, operational and technology risks), working collaboratively with relevant teams to support effective risk mitigation and monitoring.</div> </li> <li class="ace-line ace-line old-record-id-OpBzdXQGdo55nUxrPMju2AFYsWd" data-list="bullet"> <div>Design and coordinate <strong>Risk and Control Self-Assessments (RCSAs)</strong> to assess the adequacy of key controls and to identify emerging risk trends across the business.</div> </li> <li class="ace-line ace-line old-record-id-N6SbdDv3goa3jKxL0ZHuJRMjsYb" data-list="bullet"> <div>Develop and maintain <strong>Key Risk Indicators (KRIs)</strong> to enable ongoing monitoring of material risks and early identification of risk deterioration.</div> </li> <li class="ace-line ace-line old-record-id-KNwXd8SmZookSrx6v8JuJekfsGb" data-list="bullet"> <div>Maintain enterprise-level <strong>risk dashboards, heatmaps, and reporting</strong>, providing clear visibility of risk trends, incidents, and control effectiveness to senior management and the board.</div> </li> <li class="ace-line ace-line old-record-id-X1qgda2fworADwxQciwuY1gTsDh" data-list="bullet"> <div>Ensure risk incidents, material risk events, and remediation actions are appropriately captured, analyzed, and reflected in enterprise risk reporting</div> </li> </ul> <h2 class="heading-2 ace-line old-record-id-KEXbdrEZuor1HlxMlD5uJ8LCsee">Business Continuity Management (BCM)</h2> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-YVHddhTdUomVC3xXJP6u9UtHshc" data-list="bullet"> <div>Support the development and periodic review of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).</div> </li> <li class="ace-line ace-line old-record-id-KcXOdDiRYoCGF5xJACMuf7LQsAf" data-list="bullet"> <div>Participate in business impact analyses and risk scenario planning, and ensure resilience measures are well-documented and effective.</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-BRkkdcoFwoDDqgxtksvuxMt3s4e">Group &amp; Regulatory Coordination</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-WB0QdV1mdoMJtCxOkC1uX6d2sph" data-list="bullet"> <div>Act as the primary liaison with group-level risk and compliance teams, ensuring local ERM implementation aligns with broader group strategy and expectations.</div> </li> <li class="ace-line ace-line old-record-id-JlUGddUAnoid1TxqAb3uw33bsQe" data-list="bullet"> <div>Implement group-wide risk policies, standards, and procedures, tailoring them to local regulatory and operational contexts.</div> </li> <li class="ace-line ace-line old-record-id-RDjJdbLnao5Gzuxde2Yu3Opeswf" data-list="bullet"> <div>Coordinate and support group risk reporting requirements, contributing to consolidated dashboards, reviews, regulatory engagements, and audits.</div> </li> </ul> <div class=" old-record-id-DttUdT8CjoNMRGxKejXuqOqssdf" data-type="divider"><hr></div> <h2 class="heading-2 ace-line old-record-id-FBJKdgXikop3RNx9hY1uV7yZsIc">Requirements</h2> <h3 class="heading-3 ace-line old-record-id-EtcxdQ6tUokctyx3HWlu20zosvf">Qualifications &amp; Experience</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-NOSLdAzFkoV2YCxbCxLuJw51s5Y" data-list="bullet"> <div>Bachelor’s degree in Risk Management, Finance, Accounting, Business, Engineering, or a related discipline.</div> </li> <li class="ace-line ace-line old-record-id-Ev5GdcgeGoRAiUxABqOuuNgxshe" data-list="bullet"> <div><strong>12–15+ years</strong> of experience in enterprise risk management, second-line risk, or regulatory risk roles within a cryptocurrency exchange, financial institution, regulator or fintech.</div> </li> <li class="ace-line ace-line old-record-id-KclPd0gmwoYyk1xTAN4uNZMsscc" data-list="bullet"> <div>Proven experience designing, implementing, and operating ERM frameworks in multi-jurisdictional and regulated environments.</div> </li> <li class="ace-line ace-line old-record-id-LVD3dqU7CoUYtqx1d4UuuQzEs3b" data-list="bullet"> <div>Demonstrated experience engaging with regulators and senior management on enterprise risk matters.</div> </li> <li class="ace-line ace-line old-record-id-EBmNdRJbKoHJdSxqG3mu26x9sGd" data-list="bullet"> <div><strong>Candidates with less extensive experience may be considered for a Senior Manager role</strong>, subject to demonstrated depth in ERM expertise, regulatory engagement capability, and overall role fit. Appointment at <strong>Director level</strong> will be reserved for candidates with proven ability to lead ERM frameworks, engage regulators independently, and operate at a strategic level.</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-P5N4dlE9YoUJU4xX4b5uN0czsNh">Technical Expertise</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-C28pdqbQqolquix0uUSu9fTRsFc" data-list="bullet"> <div>Strong knowledge of ERM frameworks, including <strong>COSO ERM</strong> and <strong>ISO 31000</strong>.</div> </li> <li class="ace-line ace-line old-record-id-LgDLdBvx9oOqMDxfIIhuLKvGsZc" data-list="bullet"> <div>Solid understanding of financial and non-financial risks, including financial and treasury, market integrity and trading, operational, technology, cybersecurity, and third-party risks.</div> </li> <li class="ace-line ace-line old-record-id-QswLdsEk2opzZLxmdSCujhtJsJe" data-list="bullet"> <div>Experience in risk appetite implementation, KRI design, scenario analysis, and stress testing.</div> </li> <li class="ace-line ace-line old-record-id-H9EndAKBhoy0jTxsfJ2uZXTys6e" data-list="bullet"> <div>Familiarity with crypto exchange operating models, technology infrastructure, and regulatory expectations is highly desirable.</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-VOGCd0pw7oNivZx5vftuvastsV7">Leadership &amp; Soft Skills</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-MhvGdLJsaoXzYNx7NWhu8CXOsCh" data-list="bullet"> <div>Strong stakeholder management and influencing skills, with the ability to provide effective second-line challenge.</div> </li> <li class="ace-line ace-line old-record-id-BXrTdrMV4ozLYbxmPOXuqbGhs2d" data-list="bullet"> <div>Excellent analytical, structuring, and documentation skills.</div> </li> <li class="ace-line ace-line old-record-id-GynJdRtzJoHhWYxYD3bu9r0fsKd" data-list="bullet"> <div>Clear and confident communicator, capable of engaging senior leadership, boards, and regulators.</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-FcjbdUd5wonAO7x4Li3uWl7ksug">Certifications</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-AyvidqAIrol0iPx1KCQuapUNsbg" data-list="bullet"> <div>Professional certifications such as <strong>FRM, PRM, CRM</strong> or equivalent ERM-related certifications are strongly preferred.</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-ZbSVdjU5ioydwFxb5oAu3bdKsYd">Other Requirements</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-J9ELd9tJToz6VbxEqqGuHsZ7sWd" data-list="bullet"> <div>Ability to operate effectively in a fast-paced, evolving regulatory environment.</div> </li> <li class="ace-line ace-line old-record-id-Ghp6d5DPTodiUGxNSbduMk1Ks3e" data-list="bullet"> <div>Experience working across regions and cultures.</div> </li> <li class="ace-line ace-line old-record-id-KrHGdA2syon9KHxnhacujSdzs9g" data-list="bullet"> <div>Proficiency in English and Chinese.</div> </li> <li class="ace-line ace-line old-record-id-Y7EBdBbpvo1u6sxNuLEuhEVFslg" data-list="bullet"> <div>Location: Hong Kong / Malaysia / Abu Dhabi</div> </li> </ul> </div> <p>&nbsp;</p><div class="content-conclusion"><p><strong>Why Join Us</strong><br>At Bybit, we are committed to fostering a supportive and enriching work environment.&nbsp;<br>Our benefits include:<br>- Study Growth Fund: We support your professional development and continuous learning.<br>- Internal Events: Participate in regular team-building activities, workshops, and events designed to promote collaboration and innovation.<br>- Global Collaboration: Be part of a diverse, international team, working alongside colleagues from around the world.<br>- Career Advancement: Access opportunities for growth and advancement within a rapidly expanding global company.<br>- Internal Mobility: Grow with us- Your long-term development is important to us. We offer internal job opportunities to help build your career path.</p></div>