Xrex

About

Want to build a worldwide brand from Taiwan, and to communicate our brand story to millions of users worldwide?
Want to be based in Taiwan but work in a silicon-valley-like environment, and to build world-class brand and products?
Want to participate in the global fintech and blockchain movement, and work at an English-speaking workplace?
Come change the world with us! Join this fast-growing startup founded by software veterans and funded by top VCs, Skype co-founders, and the Taiwanese government (NDF)!
We’re hiring for an experienced Security Engineer. The exact mix of other skills does not matter, so long as your tool chest includes a mix of abilities. Be willing to attack anything that comes your way, learn on the fly and get things done. Come talk to us if you want to push your skillset in a dynamic fast-paced environment.


Responsibilities

1. Information Security Policy & Procedure Design
- Assist in drafting and maintaining information security policies, standards, and standard operating procedures (SOPs), ensuring alignment between policy design and actual operations.
- Regularly review the effectiveness of security controls and make adjustments based on operational needs or regulatory changes.

2. Control Effectiveness Assessment & Process Support
- Conduct risk assessments and provide recommendations for control design within the company's IT processes (e.g., access control, change management, backup/redundancy).
- Support related departments in enhancing the maturity of security controls embedded in their workflows.

3. Audit Coordination & Documentation
- Act as the point of contact for internal audits, external audits, and regulatory inspections, providing required documentation and process explanations.
- Prepare and organize supporting documents such as control narratives, process flowcharts, and audit workpapers.

4. Security Compliance & Regulatory Support
- Analyze whether the company's information practices comply with relevant laws (e.g., Cyber Security Management Act, Personal Data Protection Act, GDPR) and industry standards (e.g., ISO, NIST).
- Support the integration of security policies with compliance requirements, and provide implementation guidance and training resources to departments.

5. Security Awareness & Policy Promotion
- Plan and execute activities to raise cybersecurity awareness, including training programs, internal presentations, and online course content.
- Promote information security policies and processes to ensure effective implementation across the organization.

Requirements
- Bachelor’s degree in Information Security, Computer Science, IT Management, Risk Management, or related fields

- 3–5 years of experience in information security, with both policy writing and audit experience

- Familiar with frameworks like ISO 27001, CIS Controls, or MAS TRM

- Able to review IT processes, design controls, and write security policies and SOPs

- Experience supporting internal/external audits or regulatory checks

- Able to track and report on audit findings and improvement plans

Preferred Traits
- Good understanding of how to turn regulations into practical rules and workflows

- Able to work independently and coordinate across departments

- Strong writing and documentation skills

- Compliance-minded and aware of how security affects business and reputation

- Detail-oriented, good at identifying key risks and control points

Nice to Have
- Certifications such as CISA, CISM, or ISO 27001 LA/LI

- Experience in cross-team projects or process reviews

- Familiarity with financial industry audits

- Experience leading security policy implementation independently

Location: Taipei (check us out on Google Maps!)

About XREX

Regarding our culture