Risk Manager, Technology & Resilience Risk, Hong Kong

Who We Are

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.   OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.    Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.   OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.

About the Opportunity

We are seeking a highly motivated Technology & Resilience Risk Manager to join our Technology Risk function within the Operational Risk Management (ORM) team in the Second Line of Defence (2LOD). You will be responsible for continuously refining and scaling the Technology and Operational Resilience program, guiding first-line of defence (1LOD) execution, and providing independent risk challenge. You will be a key member of OKX's Risk team, helping to shape and scale the firm’s Technology Risk Management and Operational Resilience programs. You’ll work closely with stakeholders across Engineering, Product, Risk, Compliance, Internal Audit, Legal, Finance, and HR. You will play a pivotal role in developing and implementing a comprehensive risk management program, focusing on technology incident and issue management, Technology and Operational Resilience (including BCM), Risk and Control Self Assessment (RCSA), Technology Key Risk Indicators (KRI) & Reporting, and Governance, Risk and Control (GRC) system enhancements. The ideal candidate is a process-minded thinker with a strong drive for improvement and career growth. You should possess an understanding of cloud technologies, and knowledge of blockchain will be highly advantageous. You will report to the Senior Risk Manager of Technology Risk.

What You’ll Be Doing 

• Collaborate with internal stakeholders across the company to proactively identify, escalate, assess, and mitigate technology risks, ensuring adherence to the Technology, Security and Data Risk Policy.
• Providing oversight of Technology Incidents and Issues, and partnering with 1LOD stakeholders to enhance related processes and ensure effective oversight
• Refining and scaling the 2LOD Technology and Operational Resilience program, including providing practical templates to enable 1LOD teams to assess and manage their resilience and continuity capabilities.
• Overseeing risk oversight of Technology Architecture & Asset Management and Technology Delivery domains.
• Leading the Technology Risk and Control Self-Assessment (RCSA) process from a 2LOD perspective, ensuring adherence to the ERM RCSA methodology, and providing effective challenge and oversight of 1LOD Technology risks and controls.
• Supporting the Technology Key Risk Indicators (KRIs) definition, monitoring, and reporting.
• Supporting the implementation and ongoing enhancement of Governance, Risk, and Compliance (GRC) systems to enable effective risk oversight
• Advocate and support the implementation of Risk Management frameworks for technology stakeholders, serving as a trusted advisor for the first line.
• Stay up to date on emerging trends and regulations in the digital asset space, proactively identifying and addressing new risk considerations.

What We Look For In You 

• Fluent in Mandarin Chinese, with the ability to communicate technical concepts clearly in both written and verbal forms
• Bachelor’s degree in Information Technology, Computer Science, or a related field
• Minimum 5 to 8 years of experience or more in Technology Risk, Operational Resilience or BCM management; experience within fintech, crypto, blockchain, and/or cloud-native companies is preferred.
• Proven track record in project and stakeholder management, independently conducting technology risk-control assessments, control testing, incident and issue management, and driving remediation efforts
• Strong understanding of Technology Resilience, Technology Delivery (SDLC and CI/CD), Business Continuity Management and Disaster Recovery.
• Knowledge of industry best practices and frameworks for technology risk and BCM (e.g., NIST, ISO 22301, ISO 27001)
• Experience working with Governance, Risk, and Compliance (GRC) systems in a global environment
• Excellent communication and presentation skills, with the ability to tailor reports for diverse audiences
• Demonstrated ability to collaborate effectively across all levels of a global organization
• Comfortable working in a dynamic, fast-paced, and evolving environment, with a proactive approach to pilot initiatives and continuous improvement
• Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Business Continuity Professional (CBCP), or ISO 22301 Lead Implementer are a strong plus

Perks & Benefits 

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances
• Comprehensive healthcare schemes for employees and dependants
• More that we love to tell you along the process!

#LI-CZ1

#LI-ONSITE