Sr Director - Security Compliance and Governance

Who We AreAt OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom. OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps). OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE.We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology. This is why we publish proof of reserves monthly, and continue to ship new innovative security features.About the OpportunityStay abreast of security technologies, global compliance standards, and regulatory requirements. Lead the organization's security technology implementation, compliance programs, and licensing initiatives across key jurisdictions. Direct the security architecture design, compliance certification processes, and license applications.What You’ll Be DoingSecurity Technology: Lead security architecture design and implementation. Guide deployment of security controls, monitoring systems, and incident response capabilities. Review and approve security solutions across cloud and infrastructure.License Applications: Direct VASP licensing applications across global jurisdictions (Hong Kong, Singapore, Dubai, Europe etc.). Manage relationships with regulatory bodies. Ensure ongoing compliance with licensing requirements. Coordinate with legal and business teams for application processes.Team Leadership: Build and lead security and compliance teams. Work with cross-functional stakeholders to implement security and compliance requirements. Report to senior management on security, compliance and licensing status.Security Strategy & Governance:Develop and maintain enterprise security strategy, roadmaps and architectures aligned with business objectives. Establish security governance frameworks, policies, and standards across the organization. Lead security steering committee and provide regular security updates to board/executive management. Manage security budget, resource allocation and strategic vendor relationships. Define and track security metrics, KPIs and risk indicatorsWhat We Look For In YouMultiple language capabilities, both chinese and english10+ years experience in information security and compliance, with strong technical backgroundDeep understanding of security technologies: network security, cloud security, encryption, access controls, security monitoringExtensive hands-on experience with security compliance frameworks (ISO 27001, SOC2, PCI-DSS)Experience in cryptocurrency/blockchain industry licensing applicationsStrong communication and leadership abilitiesResults-oriented with ability to work under pressureProfessional certifications such as CISSP, CISM requiredBachelor's degree in Computer Science, Information Security or related fieldDeep expertise in:Application security (SAST/DAST/IAST)Container and kubernetes securityHardware security modules (HSM)Secure software development lifecycle (SSDLC)Identity and access management (IAM)API security and microservices securityDDoS protection and WAF implementationSecurity automation and orchestration (SOAR)Threat hunting and incident responseBlockchain protocol securityNice to HavesCompliance Management: Lead and maintain security certifications including ISO 27001, SOC2, PCI-DSS. Develop security policies and ensure implementation meets global standards. Oversee internal security management system and controls.Advanced degree in relevant fieldExperience in cryptocurrency trading platformsDirect experience obtaining VASP licenses in major jurisdictionsUnderstanding of global financial regulations and licensing requirementsAdditional security or professional certificationsExperience working with regulatory bodiesHomomorphic encryption and zero-knowledge proofsAdvanced malware analysis and reverse engineeringSecurity architecture patterns for distributed systemsCloud native security (ALIBABA CLOUD, AWS, Azure, GCP)Security metrics and KPI developmentVendor security assessment frameworksPerks & Benefits Competitive total compensation packageL&D programs and Education subsidy for employees' growth and developmentVarious team building programs and company eventsWellness and meal allowancesComprehensive healthcare schemes for employees and dependantsMore that we love to tell you along the process!OKX StatementThe base salary range for this position is $330,000 to $616,000. The salary offered depends on a variety of factors, including job-related knowledge, skills, experience, and market location. In addition to the salary, a performance bonus and long-term incentives may be provided as part of the compensation package, as well as a full range of medical, financial, and/or other benefits, dependent on the position offered. Applicants should apply via OKX internal or external careers site.OKX is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, and non-job related physical or mental disability, or protected veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider employment-qualified applicants with arrest and conviction records.#LI-HYBRID#LI-ED1