Head of Cybersecurity Audit

Who We Are

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom. OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er. OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.  

About the Opportunity

OKX is undertaking a significant global team buildout, and we are looking for an experienced and visionary Head of Cybersecurity Audit to lead this critical function. This is a unique opportunity to shape the cybersecurity audit landscape within a leading crypto organization, ensuring the highest levels of security and compliance for our global operations. You will build and lead a high-performing team, drive strategic initiatives, and directly impact the security posture of innovative crypto products and infrastructure.   We are seeking a seasoned cybersecurity audit professional with demonstrable experience in the crypto exchange or crypto product space. The ideal candidate will possess a deep understanding of cybersecurity and audit principles applied to novel technical and control environments, coupled with strong leadership and analytical skills. Ability to work effectively across timezones given the global nature of the organization and the audit team.  

What You’ll Be Doing

• Lead and manage a global cybersecurity audit team, including driving the cybersecurity audit strategy and risk monitoring program.
• Drive the execution of global Information Security audit programs, ensuring comprehensive coverage and adherence to best practices.
• Oversee IT incident validations and provide critical support for group-wide IT certifications.
• Collaborate effectively with functional and regional portfolio leads to provide expert IT security controls testing support for integrated audits.
• Develop and implement advanced audit methodologies tailored to the unique complexities of blockchain technology, crypto exchanges, and decentralized systems.
• Provide strategic guidance and insights on emerging cybersecurity risks and controls in the cryptocurrency space to senior leadership.

 

What We Look For In You

• Prior Experience Leading Cybersecurity Audit Teams in the Crypto Exchange/Crypto Product Space is Essential.
• Strong Critical Thinking and Problem-Solving Skills: Capacity to analyze complex, often novel, technical and control environments unique to crypto, identify intricate root causes of issues, and propose effective, context-specific solutions.
• Fundamental Understanding of Blockchain Technology: Basic knowledge of distributed ledger technologies, consensus mechanisms (e.g., PoW, PoS), cryptography (hashing, public-key), and the lifecycle of a cryptocurrency transaction.
• Data Analytics/SQL for Deep Security Analysis: Proficiency in querying and analyzing large volumes of security logs, blockchain transaction data, wallet addresses, vulnerability scan outputs, penetration test results, and threat intelligence feeds to identify sophisticated attack patterns, anomalies, and potential illicit activities unique to crypto.
• Security Auditing and Compliance: Deep understanding of common cybersecurity frameworks (e.g., NIST CSF, ISO 27001) applied within the unique risk context of a crypto exchange. Ability to assess compliance with emerging crypto-specific security standards and regulatory guidance.
• Vulnerability Assessment & Penetration Testing (VAPT) Interpretation & Oversight for Crypto Assets: Ability to plan, scope, interpret, and assess the remediation effectiveness of VAPTs specifically targeting blockchain infrastructure, smart contracts, exchange platforms, and wallet security.
• Incident Response & Forensics for Crypto Incidents: Expertise in incident response lifecycles and forensic investigation techniques specifically tailored for crypto incidents (e.g., fund misappropriation, smart contract exploits, private key compromises, denial-of-service on nodes).
• Network Security for High-Value Crypto Infrastructure: Advanced expertise in evaluating highly resilient and secure network architectures for crypto exchanges, including multi-layer defenses, DDoS mitigation for high-volume transactions, and secure connectivity to blockchain nodes and custodians.
• Cloud Security for Distributed Crypto Systems: In-depth understanding of cloud security principles and ability to audit complex cloud deployments hosting distributed ledger nodes, hot/cold wallet infrastructure, and high-performance trading engines across multiple cloud providers.
• Security Information and Event Management (SIEM) for Blockchain and Crypto Systems: Ability to assess the configuration, correlation rules, and alerting mechanisms of SIEM solutions specifically integrated with blockchain nodes, off-chain transaction systems, and crypto-specific logs to detect sophisticated threats.
• Understanding of Cyber Threat Landscape & Attack Vectors: In-depth knowledge of unique attack vectors targeting crypto exchanges (e.g., flash loan attacks, reentrancy attacks, oracle manipulation, phishing for private keys, supply chain attacks on blockchain software) and the specific techniques used by threat actors in this space.
• Risk Management Principles for Cybersecurity: Advanced grasp of cybersecurity risk identification, assessment, mitigation, and monitoring methodologies specifically tailored to the high-stakes, real-time, and often irreversible nature of crypto transactions.
• Knowledge of Specific Regulatory Requirements: Understanding of specific regulatory requirements impacting crypto exchanges globally (e.g., anti-money laundering (AML), combating the financing of terrorism (CFT) as per FATF, sanctions compliance, specific licensing requirements for Virtual Asset Service Providers (VASPs) and how these translate to technical controls.

   Perks & Benefits 

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances
• Comprehensive healthcare schemes for employees and dependants
• More that we love to tell you along the process!

  OKX Statement: OKX is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, and non-job related physical or mental disability, or protected veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.  

• The salary range for this position is $240,000 - $360,000
• The salary offered depends on a variety of factors, including job-related knowledge, skills, experience, and market location. In addition to the salary, a performance bonus and long-term incentives may be provided as part of the compensation package, as well as a full range of medical, financial, and/or other benefits, dependent on the position offered. Applicants should apply via OKX internal or external careers site.