Senior IT Operational Risk Manager

Who We Are

At OKX, we believe the future will be reshaped by technology. Founded in 2017, we are revolutionising world systems through our cutting-edge digital asset exchange, Web3 portal and blockchain ecosystems. We reshape the financial ecosystem by offering some of the most diverse and sophisticated products, solutions, and trading tools on the market. Trusted by more than 50 million users in over 180 countries globally, OKX empowers every individual to explore the world of Web3. With our extensive range of products and services, and unwavering commitment to innovation, OKX envisions a world of financial access backed by blockchain and the power of decentralized finance.

We are innovative in the way we think, work, and in the products we create. We are also socially responsible by actively participating and encouraging employees to take part in various public welfare activities. With more than 3,000 employees around the world, we believe embracing diversity and inclusion will spark the creation of long-term value for the industry. Come Build the Future with Us now!

About the Opportunity

We are seeking a highly motivated Senior IT Operational Risk Manager to join the Operational Risk Management Team to build and scale an effective global risk management program. We’re looking for an experienced risk management professional with IT Operational Risk expertise and experience implementing aspects of a comprehensive ORM program. You will join OKX's broader Enterprise Risk team and partner with colleagues across Compliance, Legal, Security, Risk, Internal Audit, Product and Engineering. You will play a pivotal role in developing and implementing a comprehensive risk management program, focusing on technology/engineering risk assessments, control assurance, incident/issue management, continuity/disaster recovery, and process deep dives. You will report to the OKX Group Head of Operational Risk.

What You’ll Be Doing

• Collaborate with internal stakeholders across the company to proactively identify, escalate, assess, and mitigate technology operational risks associated with new technologies and infrastructure changes.
• Lead deep dives with the goal of documenting processes, risks, existing controls and identifying control enhancement opportunities; review and socialize with stakeholders as appropriate.
• Champion the Incident and Issue Management program, including the design of Action Plans to drive control enhancements and ensure risk exposures are being tracked, monitored and remediated.
• Partner with stakeholders to investigate, report, and manage incidents in order to understand root cause and drive control enhancements.
• Analyzing new projects and features within the SDLC to identify potential operational risks related to system design, coding, testing, deployment, and maintenance.
• Perform control assurance related activities, including testing of design and operating effectiveness, implementation support, review and challenge of evaluation results, and communication of results with management.
• Advocate and support the implementation of Risk Management frameworks for technology stakeholders, serving as a trusted advisor for the first line.
• Stay up to date on emerging trends and regulations in the digital asset space, proactively identifying and addressing new risk considerations.

What We Look For In You 

• Bachelor's degree in Information Technology, Computer Science, or a related discipline.
• Minimum 8+ years of experience in technology risk management, preference for those in Operational Risk roles within financial services, digital assets, or technology/engineering.
• Proven experience in project and stakeholder management, independently conducting technology risk-control assessments, control testing activities, managing incidents, issues, and driving remediation efforts.
• Strong understanding of IT systems, networks, and security controls.
• Knowledge of risk assessment methodologies and frameworks (e.g., COSO, NIST, ISO)
• Excellent communication and presentation skills, with the ability to tailor reporting to different audiences.
• Demonstrated ability to collaborate effectively with all levels of a global organization.
• Comfortable in a dynamic, fast paced and ever-changing landscape; adept at handling pilot initiatives and refining over time.
• Certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP) are a plus.
• Experience working in / knowledge of the digital asset space (cryptocurrency, blockchain) is a plus.
• Experience with GRC systems on a global scale is a plus.
• Fluent in both English and Mandarin, additionally Cantonese is a plus.

Perks & Benefits

• Competitive total compensation package
• L&D programs and Education subsidy for employees' growth and development
• Various team building programs and company events
• More that we love to tell you along the process!

#LI-CZ1