Senior Compliance Manager - EU

Who We Are

OKX is revolutionising world systems through our cutting-edge digital asset exchange, Web3 portal and blockchain ecosystems. We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology and to date, we have 50+ million users, 3000+ employees and 180+ countries believing in the same vision as us. We are safe and reliable, backed by our Proof of Reserves. As strong supporters of the Arts and Sports, we are proud partners of @McLarenF1 @ManCity @Tribeca.

About the Role

• Stay abreast of the latest developments in laws, regulations, policies, and information security standards related to Network Security, Data Security, and Data Protection.
• Ensure timely updates and maintenance of the internal information security management system.
• Apply for information security certifications such as ISO 27001, SOC, and PCI for our products.
• Advocate for and oversee the implementation of security compliance and privacy protection requirements.
• Promptly address and rectify any non-compliant items.
• Validate and verify that the organization's security controls meet industry requirements.
• Conduct thorough examinations of processes, systems, policies, procedures, network diagrams, and system configurations.
• Monitor business activities through collaborating with cross-functional team leaders to guarantee ongoing compliance with external certifications.

What You’ll Be Doing

• Technology Audit Delivery: Lead planning and execution of operational audit programs and complex technology control assessments: Information Security, Infrastructure, Emerging Technologies (AI/ML, FinTech). Leverage data analytics to detect risk signals and unearth insights. Communicate issues and recommendations to management.
• Integrated Audit Delivery: Lead planning and execution of integrated audits supporting operations and technology for business functions and productions (Trust & Safety, Monetization, FinTech etc.).
• Technology Risk Assessment: Assist in analysis and identification of emerging technology risks for OKX. Develop and maintain subject matter expertise in one or more technology domains.
• Stakeholder Relationships: Develop and maintain collaborative working relationships with management, understand the business to provide value-added services, and establish credibility as a management consultant and internal controls resource. Partner with engineering and product teams to advise on design and implementation of technology solutions.
• Professional Development: Continually expand knowledge of the audit profession, industry, and company products through self-study, research, and continuing education efforts. Develop innovative methodologies for auditing new technologies and services.
• Quality Assurance: Ensure the overall quality and consistency of audit work, adhering to department and professional standards. Continuously seek opportunities for audit process improvement.

What We Look For In You

• 5+ years of relevant experience in managing ISO 27001:2022, SOC 2 audits, and compliance programs within a global organizational setting.
• Demonstrate extensive knowledge and hands-on experience with cybersecurity frameworks, such as ISO 27001, PCI-DSS, SOC 2, and other relevant regulatory requirements.
• Exhibit excellent communication skills and logical reasoning abilities.
• Maintain a composed demeanor, showcasing a robust commitment to continuous learning and a collaborative, team-oriented mindset.
• Display self-driven and results-oriented attributes, enjoy challenging tasks, demonstrate a genuine enthusiasm for work, and work well under pressure.

• Relevant experience in Technology Audit, Risk Management, CyberSecurity Compliance or Engineering preferably within the technology sector (Social Media, eCommerce, Fintech etc.) and/or Big4 consulting.
• Portfolio Management: Demonstrated experience managing a portfolio of audits, with concurrent oversight and execution of multiple projects.
• Integrated Audits: Experience managing integrated audits that address a combination of financial/operational and technology objectives.
• Industry experience: Proven ability to work in a fast-paced environment with a product centric culture. Experience of working at a startup company or tech/fintech company is a plus.

• Professional interests: Passion for emerging technologies, products and standards. Strong critical thinking skills combined with the ability to provide a credible technical challenge to the business.
• Analytical skills: Proven analytical ability to assess complex technology environments against risk assessment outcomes, industry best practices, internal standards and external regulatory requirements.
• Communication skills: Ability to write at a publication quality level in order to communicate findings and recommendations to the senior management team.
• Global Experience: Experience working in a global organization and managing projects across different time zones (America and EMEA).

Nice to Haves

• Relevant industry certifications such as CISM, CISA, CISSP are preferred.
• Cloud Security / Cloud technology experience (AWS certification)
• Experience in ISO management systems, SOC audits, and PCI certification is preferred.
• Experience in compliance with virtual currency trading platforms, experience with EU regulations and regulatory landscape 

Perks & Benefits

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• Wellness and meal allowances 
• Comprehensive healthcare schemes for employees and dependents