
Tech Governance - Security Compliance & Governance Engineer

OKX
Hong Kong, 1d ago

About the role

<div class="ace-line ace-line old-record-id-doxuseysYUio6Qia64JLLAwE7dh"> <div data-page-id="doxusokjWsaOkSCIjzixAfRM3sd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxusaUYeCmu82WSkkm5KDd00db"> <div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxuseysYUio6Qia64JLLAwE7dh"> <div data-page-id="doxusokjWsaOkSCIjzixAfRM3sd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxusaUYeCmu82WSkkm5KDd00db"> <div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxuseysYUio6Qia64JLLAwE7dh"> <div data-page-id="doxusokjWsaOkSCIjzixAfRM3sd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxusaUYeCmu82WSkkm5KDd00db"> <div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <h2 data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"><br><strong>Who We Are</strong></h2> <div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <div data-page-id="Kpucdjv7JoAcSZxSf7PuRl5Yscb" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb"> <div data-page-id="Kpucdjv7JoAcSZxSf7PuRl5Yscb" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxusxfrenHjJKtgnorBrzgGFPb">At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.</div> <div class="ace-line ace-line old-record-id-doxusxfrenHjJKtgnorBrzgGFPb">OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). 
OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.</div> <div class="ace-line ace-line old-record-id-doxusxfrenHjJKtgnorBrzgGFPb">Across our multiple offices globally, we are united by our core principles: <em>We Before Me</em>, <em>Do the Right Thing</em>, and <em>Get Things Done</em>. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.</div> </div> </div> <div class="ace-line ace-line old-record-id-Cfb8dvi9voxFkWxhNcmuJX50sZb"> <div data-page-id="PNNZdiw4Yo1ZOmx8btbucw8qsLG" data-lark-html-role="root" data-docx-has-block-data="false"> <h2 class="heading-2 ace-line old-record-id-PiRwdXFmiomeQDxx0RUuDGJ1sag"><strong>About the Opportunity</strong></h2> <div class="ace-line ace-line old-record-id-NrSYd8kjeoNTrexRDNsuNpZOsMd"> <div data-page-id="RT2fdSNp0o1GcMxVMaIlSCUxgUc" data-lark-html-role="root" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxlg8rwmp3TyekE0jR40kbobDg">This is not a traditional GRC hire. The Tech G<span class="text-only" data-eleid="3">overnance</span>&nbsp;Office is looking for someone who combines the governance judgment of a seasoned compliance professional with the drive of a forward-deployed engineer — someone who closes gaps by shipping solutions, navigates ambiguity without hand-holding, and operates with the urgency of a startup and the rigour of a regulated financial institution.</div> <div class="ace-line ace-line old-record-id-doxlgvvXhQmYkiMBS2SUS8xr3rg">You will own complex cross-functional workstreams independently — coordinating across Engineering, Legal, Product, and Finance — while managing external auditors and regulators. Strong written and verbal communication in both English and Mandarin is a meaningful advantage in this role. 
AI tooling is not optional; it is how you work.</div> </div> </div> <div class="ace-line ace-line old-record-id-GEUbd7sWzobkyGxnNNAufQyQsXe">&nbsp;</div> <div data-page-id="RT2fdSNp0o1GcMxVMaIlSCUxgUc" data-lark-html-role="root" data-docx-has-block-data="false"> <h2 class="heading-2 ace-line old-record-id-doxlgrCbo9cq1bjsFjSbQXxYFKc">Who You Are</h2> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxlgHTWU5P5k8D7AMa279k0PRg" data-list="bullet"> <div><strong>Self-directed driver</strong> — You run cross-functional workstreams without being managed. Ambiguity is a starting point, not a blocker.</div> </li> <li class="ace-line ace-line old-record-id-doxlgNvxYKpukR3tJQJWWzc0o0f" data-list="bullet"> <div><strong>AI-native operator</strong> — You already use AI to do more, faster — and you raise the floor for the teams around you.</div> </li> <li class="ace-line ace-line old-record-id-doxlgJEZ6jSWMcZeWZBNSkoTUrf" data-list="bullet"> <div><strong>Clear communicator</strong> — You earn trust across regulators, auditors, and C-suite through precision and consistency — in any room.</div> </li> </ul> <div data-page-id="RT2fdSNp0o1GcMxVMaIlSCUxgUc" data-lark-html-role="root" data-docx-has-block-data="true"> <h2 class="heading-2 ace-line old-record-id-doxlgsIjXHmhOt5vw1qPUof871f">Culture Fit</h2> <div> <table class="ace-table" data-ace-table-col-widths="365;365"> <tbody> <tr> <td> <div class="ace-line ace-line old-record-id-doxlg1UYpKLAkBByZ97HWLMvx0f">Pace</div> </td> <td> <div class="ace-line ace-line old-record-id-doxlgTqXMcK8FSIeLVf0hwkzNne">Standards</div> </td> </tr> <tr> <td> <div class="ace-line ace-line old-record-id-doxlgjjXOCbXAbk4u7iUSbSkTlb"><strong>Startup velocity</strong> — Decisions move fast. Priorities shift. 
You ship, iterate, and adapt — without waiting for perfect conditions or top-down direction.</div> </td> <td> <div class="ace-line ace-line old-record-id-doxlgmRy6rzW3IccXEfFV0uW9Nd"><strong>Financial institution rigour</strong> — Audit trails matter. Regulators scrutinise. The bar for accuracy, documentation, and accountability is institutional-grade — always.</div> </td> </tr> </tbody> </table> </div> <div class="ace-line ace-line old-record-id-doxlgsitSJQLvz59DAh5xojM3qh">&gt; The tension between these two is not a bug — it is the job. We are looking for someone who holds both without compromise.</div> </div> </div> <h2 class="heading-2 ace-line old-record-id-HytwdMMd1o5PQtxqi9QudDSMsWV"><strong>What You’ll Be Doing</strong></h2> <div class="ace-line ace-line old-record-id-Gy4ydICWpol34Hxzjdhu4zdVshg"> <div data-page-id="RT2fdSNp0o1GcMxVMaIlSCUxgUc" data-lark-html-role="root" data-docx-has-block-data="false"> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxlgeYz5VAXIzU5Ey6VNs4YnMb" data-list="bullet"> <div>Independently lead audit remediation programmes — assess gaps, develop structured plans, and drive verified closure across engineering, product, legal, and operations without escalation dependency.</div> </li> <li class="ace-line ace-line old-record-id-doxlgwuF9gJnAwWG9n3duWsZHDf" data-list="bullet"> <div>Own cross-functional governance workstreams — set milestones, coordinate accountability, and remove blockers across departments with limited management oversight.</div> </li> <li class="ace-line ace-line old-record-id-doxlgftTS39KQycsVzVr13eY5yd" data-list="bullet"> <div>Conduct IT security and architecture governance reviews — assess whether systems and processes meet applicable standards, and issue findings with clear ownership and remediation timelines.</div> </li> <li class="ace-line ace-line old-record-id-doxlgOXg1d7HQHpMcIQ0bKvzFZg" data-list="bullet"> <div>Build and maintain the policy estate — draft, refine, and operationalise 
IT governance policies and procedures; translate regulatory requirements into implementation-ready guidance for first-line teams.</div> </li> <li class="ace-line ace-line old-record-id-doxlgs0regP15wLudLzfrm2fYnc" data-list="bullet"> <div>Lead regulator and auditor engagement — serve as the primary coordination interface for external audit and regulatory correspondence, representing the Tech G<span class="text-only" data-eleid="3">overnance</span> Office with credibility and precision.</div> </li> <li class="ace-line ace-line old-record-id-doxlgUyIpVtmmJWClqZQY7bDIJh" data-list="bullet"> <div>Deploy AI to accelerate compliance operations — prototype and scale AI-assisted workflows for evidence collection, control monitoring, audit response, and policy generation; drive team-wide adoption.</div> </li> <li class="ace-line ace-line old-record-id-doxlgSyMmCQkFqrWRccHBTDV36f" data-list="bullet"> <div>Deliver Tech G<span class="text-only" data-eleid="3">overnance</span>-level reporting — produce governance dashboards and executive briefs on remediation status, risk exposure, and regulatory posture, independently and to publication standard.</div> </li> <li class="ace-line ace-line old-record-id-doxlgetnt48sSVyJGLmbEb3NB4e" data-list="bullet"> <div>Track the regulatory horizon — monitor evolving requirements across active jurisdictions, translate changes into prioritised internal action, and brief senior leadership proactively.</div> </li> </ul> </div> </div> <h2 class="heading-2 ace-line old-record-id-ZvAmdvgIGoKyiHxjBTiu68Kcs9d"><strong>What We Look For In You </strong></h2> <div data-page-id="RT2fdSNp0o1GcMxVMaIlSCUxgUc" data-lark-html-role="root" data-docx-has-block-data="false"> <h3 class="heading-3 ace-line old-record-id-doxlgi8yph4TAYGtLP0EjOk1S8f">AI Adoption &amp; Application — Must Have</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxlgtySZs5DGkzTWNoVa3Yojwb" data-list="bullet"> <div>Active daily use of AI tools to accelerate 
compliance and governance work — demonstrated practice with measurable output impact, not theoretical awareness.</div> </li> <li class="ace-line ace-line old-record-id-doxlgQf6SSYb39sG3dEDds4wSsd" data-list="bullet"> <div>Ability to identify, build, and scale AI-assisted workflows within a Tech G<span class="text-only" data-eleid="3">overnance</span> office context — evidence automation, policy generation, audit response, or control monitoring.</div> </li> <li class="ace-line ace-line old-record-id-doxlgCHbb6rzCOVCJyc4427S3Zf" data-list="bullet"> <div>Working knowledge of AI governance and risk — sufficient to contribute to internal AI oversight frameworks and assess AI-related compliance obligations.</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-doxlgEyKtIUF1xNKXKJaVZht2Ug">Independent Cross-Functional Leadership — Must Have</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxlgsEVyDufIjXHupEVbYFPgjb" data-list="bullet"> <div>Demonstrated ability to own and drive complex, multi-stakeholder workstreams independently — setting direction, coordinating accountability, and delivering outcomes without management escalation.</div> </li> <li class="ace-line ace-line old-record-id-doxlguSBEXnO7r6HI63G8jFVrlg" data-list="bullet"> <div>Track record of influencing without authority across engineering, legal, finance, and operations in a fast-moving environment.</div> </li> <li class="ace-line ace-line old-record-id-doxlgjP9Ud4v0epGmszhUnyCdVf" data-list="bullet"> <div>Comfortable operating under ambiguity and shifting priorities while maintaining institutional-grade standards for accuracy and documentation.</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-doxlgiMDBYOMeF2LWvXizNAj7ug">Experience</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxlgYLDEhxGuP14cfdx733TeJm" data-list="bullet"> <div>8+ years in IT audit, risk management, compliance, or security governance</div> </li> <li 
class="ace-line ace-line old-record-id-doxlgPabaB9UmueSpqx8UY0NWIm" data-list="bullet"> <div>3+ years leading governance programmes at a large-scale internet, financial services, or crypto firm</div> </li> <li class="ace-line ace-line old-record-id-doxlgVxLjx0hFiBDFNSrJLnFtXf" data-list="bullet"> <div>Exposure to IPO-readiness or high-scrutiny regulatory examination programmes preferred</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-doxlg6XtvHA9TCtVvzUIweeHQZd">Frameworks &amp; Standards</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxlgUK7hGH9GaZzYiS8OtcKyrf" data-list="bullet"> <div>ISO 27001, SOC 1/2, PCI-DSS, COBIT, NIST — deep working knowledge</div> </li> <li class="ace-line ace-line old-record-id-doxlgLgq3iNIVEUtB5baOJT1abf" data-list="bullet"> <div>GDPR and APAC data protection regimes</div> </li> <li class="ace-line ace-line old-record-id-doxlgFut545tVDKM4OnTHcMAwCc" data-list="bullet"> <div>Crypto and blockchain-specific compliance risk awareness a strong asset</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-doxlgMokUfb1JfKy6JcSbR2D7Zg">Engineering Sensibility</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxlgxXi7QtWYMZBtMnAfIFimkb" data-list="bullet"> <div>Able to read and interpret code, architecture diagrams, and technical design documents without engineer-translation dependency</div> </li> <li class="ace-line ace-line old-record-id-doxlgIXwVe4CfyhRMB6wb0gTmJd" data-list="bullet"> <div>Familiarity with cloud environments (Alibaba Cloud, AWS, GCP) and associated security tooling</div> </li> </ul> <h3 class="heading-3 ace-line old-record-id-doxlgSOBLnkaK6rC7O40M60Qmrf">Communication</h3> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxlgt6AV9PiYSheCZszfUafwbe" data-list="bullet"> <div>Executive-level written and verbal communication in English — board-ready governance briefs, regulator responses, and Tech G<span class="text-only" 
data-eleid="3">overnance</span>-level reporting produced independently</div> </li> <li class="ace-line ace-line old-record-id-doxlgyztUTVB17Psf2R84o97GBg" data-list="bullet"> <div>Proficiency in Mandarin (written and verbal) is a strong advantage for APAC regulatory and stakeholder engagement</div> </li> </ul> </div> <div class="ace-line ace-line old-record-id-Pyddd7YwWoyKAJxFqgSutn7YsFc">&nbsp; <div data-page-id="RT2fdSNp0o1GcMxVMaIlSCUxgUc" data-lark-html-role="root" data-docx-has-block-data="false"> <h2 class="heading-2 ace-line old-record-id-doxlgN2wycmNgOhoIoZlvR7Nzcb">Preferred Qualifications</h2> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-doxlgsVN4eKLwnxnZ8KDXe4XZvm" data-list="bullet"> <div>Professional security or governance certification: <strong>CISA · CISSP · CRISC · CISM · CCISO · Agentic AI</strong></div> </li> <li class="ace-line ace-line old-record-id-doxlg6uglgFdpbWVGRLylUCbpZm" data-list="bullet"> <div>Experience building AI-powered compliance tooling — audit automation, continuous control monitoring, or policy-to-control mapping</div> </li> <li class="ace-line ace-line old-record-id-doxlgrnSftU0WYQdtEWlagTZpjm" data-list="bullet"> <div>Prior involvement in SOX ITGC, SEC Reg S-K Item 106, or equivalent listing-authority tech governance programmes</div> </li> <li class="ace-line ace-line old-record-id-doxlgH4ho1rjo6GDM50yJnVapcd" data-list="bullet"> <div>Crypto-native compliance exposure — Proof of Reserves, SAB 121, Travel Rule, AML/CFT programme governance</div> </li> <li class="ace-line ace-line old-record-id-doxlg8Emh7VoEHCXa7xJ0JXZJLh" data-list="bullet"> <div>Active regulatory footprint across MAS, VARA, FCA, HKMA/SFC, or equivalent</div> </li> </ul> <p>&nbsp;</p> <h2 class="heading-2 ace-line old-record-id-doxlgSULcllHLrHjIycwoF9soth">Why This Role</h2> <div class="ace-line ace-line old-record-id-doxlgbalXLfYDQfigshCI8qNlLd">OKX operates across 50+ jurisdictions with live regulatory programmes. 
The Tech G<span class="text-only" data-eleid="3">overnance</span> Office is building infrastructure-grade compliance capability — not checkbox compliance. This is a rare opportunity to shape how that work gets done: independently, at pace, and with AI at the centre of the method.</div> </div> </div> <h2 class="heading-2 ace-line old-record-id-CmqsdZ2GTo6Z9VxuHx4ugzRRsm3"><strong>Perks &amp;<span style="font-size: 18pt;"> Benefits </span></strong></h2> <ul class="list-bullet1"> <li class="ace-line ace-line old-record-id-XvQudJ7z0ouSnuxOibouMkKzsCc" data-list="bullet"> <div>Competitive total compensation package</div> </li> <li class="ace-line ace-line old-record-id-GAzBdJXxLo291PxrthXurPeds4g" data-list="bullet"> <div>L&amp;D programs and Education subsidy for employees' growth and development</div> </li> <li class="ace-line ace-line old-record-id-CKPxdgHeoosenzxCpV2uV32ysz0" data-list="bullet"> <div>Various team building programs and company events</div> </li> <li class="ace-line ace-line old-record-id-XjPSdIa92oGeLox9Qo9uejVEs4c" data-list="bullet"> <div>Wellness and meal allowances&nbsp;</div> </li> <li class="ace-line ace-line old-record-id-CS34dAJCDoMDHxx95pZu43yjsxB" data-list="bullet"> <div>Comprehensive healthcare schemes for employees and dependants&nbsp;</div> </li> <li class="ace-line ace-line old-record-id-Uqtsd4bN8oaHt7xyPlYuxmfcsob" data-list="bullet"> <div>More that we love to tell you along the process!</div> </li> </ul> <div class="ace-line ace-line old-record-id-JGIsdeznCo2qpfxJAqkuViMfsHS">&nbsp;</div> <div class="ace-line ace-line old-record-id-JGIsdeznCo2qpfxJAqkuViMfsHS"> <div> <div class="job__description body"> <div data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxuseysYUio6Qia64JLLAwE7dh"> <div data-page-id="doxusokjWsaOkSCIjzixAfRM3sd" data-docx-has-block-data="false"> <div class="ace-line ace-line old-record-id-doxusaUYeCmu82WSkkm5KDd00db"> <div 
data-page-id="AEW3d0Y2noLuIcxROuFubTLpsZd" data-docx-has-block-data="false"> <div data-page-id="Zrp2dGhcIo3UFmxud3WuQirssDb" data-lark-html-role="root" data-docx-has-block-data="false"> <div data-page-id="I1Zud8CYtoGHccx0MImuyRU4s2c" data-lark-html-role="root" data-docx-has-block-data="false"> <div data-page-id="I1Zud8CYtoGHccx0MImuyRU4s2c" data-lark-html-role="root" data-docx-has-block-data="false"> <h2 class="ace-line ace-line old-record-id-ICVNdKGbzoyJvjx3MkouO6E4sSb"><span style="font-size: 18pt;"><strong>OKX Statement:</strong></span></h2> <div class="ace-line ace-line old-record-id-I3fmdZuJFoTBq5x36pAufcDSstf">OKX is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, and non-job related physical or mental disability, or protected veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.</div> <div class="ace-line ace-line old-record-id-BTzbdHPT4oLKUgxn32luBDXHsLb">&nbsp;</div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div><div class="content-conclusion"><div data-lark-html-role="root"><span class="text-only" data-eleid="18"><span class="text-only"><span class="text-only" data-eleid="6">Notice:<br></span></span></span> <div data-lark-html-role="root"><span class="text-only" data-eleid="26"><span class="text-only">All official </span><span class="text-only text-with-abbreviation text-with-abbreviation-bottomline">OKX</span><span class="text-only"> vacancies are published on this website.</span></span> <span class="text-only" data-eleid="28"><span class="text-only">While roles may appear on selected third-party platforms from time to time, information on other 
sites may be inaccurate or outdated. </span></span><strong><span class="text-only" data-eleid="29"><span class="text-only">If in doubt, please apply directly through our official careers website.</span></span></strong></div> </div> <div data-lark-html-role="root"><span class="text-only" data-eleid="18"><span class="text-only">Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to&nbsp;</span><span class="text-only text-with-abbreviation text-with-abbreviation-bottomline">OKX</span><span class="text-only">'s </span></span><a class="link rich-text-anchor __anchor-intercept-flag__ text-content-link" href="https://www.okx.com/en-eu/help/okx-candidate-privacy-notice" target="_blank" data-eleid="19" data-lark-is-custom="true" data-lark-link="true">Candidate Privacy Notice</a><span class="text-only" data-eleid="20"><span class="text-only">.</span></span></div></div>
