OKX
Security Compliance and Governance Director
OKX, San Jose, California, United States, 95199
Company:
OKX
OKX is a leading crypto exchange where you can buy BTC, ETH, XRP and more. We are committed to shaping a fairer, more transparent and accessible society through blockchain technology.
About the Opportunity
Stay abreast of security technologies, global compliance standards, and regulatory requirements. Lead the organization's security technology implementation, compliance programs, and licensing initiatives across key jurisdictions. Direct the security architecture design, compliance certification processes, and license applications.
What You’ll Be Doing
Security Technology:
Lead security architecture design and implementation. Guide deployment of security controls, monitoring systems, and incident response capabilities. Review and approve security solutions across cloud and infrastructure.
License Applications:
Direct VASP licensing applications across global jurisdictions (Hong Kong, Singapore, Dubai, Europe, etc.). Manage relationships with regulatory bodies. Ensure ongoing compliance with licensing requirements. Coordinate with legal and business teams for application processes.
Team Leadership:
Build and lead security and compliance teams. Work with cross-functional stakeholders to implement security and compliance requirements. Report to senior management on security, compliance and licensing status.
Security Strategy & Governance:
Develop and maintain enterprise security strategy, roadmaps and architectures aligned with business objectives. Establish security governance frameworks, policies, and standards across the organization. Lead security steering committee and provide regular security updates to board/executive management. Manage security budget, resource allocation and strategic vendor relationships. Define and track security metrics, KPIs and risk indicators.
What We Look For In You
Multiple language capabilities, both Chinese and English. 10+ years' experience in information security and compliance, with strong technical background. Deep understanding of security technologies: network security, cloud security, encryption, access controls, security monitoring. Extensive hands-on experience with security compliance frameworks (ISO 27001, SOC2, PCI-DSS). Experience in cryptocurrency/blockchain industry licensing applications. Strong communication and leadership abilities. Results-oriented with ability to work under pressure. Professional certifications such as CISSP, CISM required. Bachelor's degree in Computer Science, Information Security or related field.
Deep expertise in: Application security (SAST/DAST/IAST). Container and Kubernetes security. Hardware security modules (HSM). Secure software development lifecycle (SSDLC). Identity and access management (IAM). API security and microservices security. DDoS protection and WAF implementation. Security automation and orchestration (SOAR). Threat hunting and incident response. Blockchain protocol security.
Nice to Haves
Compliance Management: Lead and maintain security certifications including ISO 27001, SOC2, PCI-DSS. Develop security policies and ensure implementation meets global standards. Oversee internal security management system and controls. Advanced degree in relevant field. Experience in cryptocurrency trading platforms. Direct experience obtaining VASP licenses in major jurisdictions. Understanding of global financial regulations and licensing requirements. Additional security or professional certifications. Experience working with regulatory bodies. Homomorphic encryption and zero-knowledge proofs. Advanced malware analysis and reverse engineering. Security architecture patterns for distributed systems. Cloud native security (ALIBABA CLOUD, AWS, Azure, GCP). Security metrics and KPI development. Vendor security assessment frameworks.
Perks & Benefits
Competitive total compensation package. L&D programs and education subsidy for employees' growth and development. Various team building programs and company events. Wellness and meal allowances. Comprehensive healthcare schemes for employees and dependants. More that we'd love to tell you along the process!
OKX Statement
The base salary range for this position is $330,000 to $616,000. The salary offered depends on a variety of factors, including job-related knowledge, skills, experience, and market location. In addition to the salary, a performance bonus and long-term incentives may be provided as part of the compensation package, as well as a full range of medical, financial, and/or other benefits, dependent on the position offered. OKX is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, and non-job related physical or mental disability, or protected veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider employment-qualified applicants with arrest and conviction records.