Security Compliance and Governance Director

San Jose, California, United States

OKX

Buy BTC, ETH, XRP and more on OKX, a leading crypto exchange – explore Web3, invest in DeFi and NFTs. Register now and experience the future of finance.

View all jobs at OKX

Apply now Apply later

Who We Are

At OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom. OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps). OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE.
We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology. This is why we publish proof of reserves monthly, and continue to ship new innovative security features.

About the Opportunity

Stay abreast of security technologies, global compliance standards, and regulatory requirements. Lead the organization's security technology implementation, compliance programs, and licensing initiatives across key jurisdictions. Direct the security architecture design, compliance certification processes, and license applications.

What You’ll Be Doing

  • Security Technology: Lead security architecture design and implementation. Guide deployment of security controls, monitoring systems, and incident response capabilities. Review and approve security solutions across cloud and infrastructure.
  • License Applications: Direct VASP licensing applications across global jurisdictions (Hong Kong, Singapore, Dubai, Europe etc.). Manage relationships with regulatory bodies. Ensure ongoing compliance with licensing requirements. Coordinate with legal and business teams for application processes.
  • Team Leadership: Build and lead security and compliance teams. Work with cross-functional stakeholders to implement security and compliance requirements. Report to senior management on security, compliance and licensing status.
  • Security Strategy & Governance:Develop and maintain enterprise security strategy, roadmaps and architectures aligned with business objectives. Establish security governance frameworks, policies, and standards across the organization. Lead security steering committee and provide regular security updates to board/executive management. Manage security budget, resource allocation and strategic vendor relationships. Define and track security metrics, KPIs and risk indicators

What We Look For In You

  • Multiple language capabilities, both chinese and english
  • 10+ years experience in information security and compliance, with strong technical background
  • Deep understanding of security technologies: network security, cloud security, encryption, access controls, security monitoring
  • Extensive hands-on experience with security compliance frameworks (ISO 27001, SOC2, PCI-DSS)
  • Experience in cryptocurrency/blockchain industry licensing applications
  • Strong communication and leadership abilities
  • Results-oriented with ability to work under pressure
  • Professional certifications such as CISSP, CISM required
  • Bachelor's degree in Computer Science, Information Security or related field
  • Deep expertise in:
    • Application security (SAST/DAST/IAST)
    • Container and kubernetes security
    • Hardware security modules (HSM)
    • Secure software development lifecycle (SSDLC)
    • Identity and access management (IAM)
    • API security and microservices security
    • DDoS protection and WAF implementation
    • Security automation and orchestration (SOAR)
    • Threat hunting and incident response
    • Blockchain protocol security

Nice to Haves

  • Compliance Management: Lead and maintain security certifications including ISO 27001, SOC2, PCI-DSS. Develop security policies and ensure implementation meets global standards. Oversee internal security management system and controls.
  • Advanced degree in relevant field
  • Experience in cryptocurrency trading platforms
  • Direct experience obtaining VASP licenses in major jurisdictions
  • Understanding of global financial regulations and licensing requirements
  • Additional security or professional certifications
  • Experience working with regulatory bodies
  • Homomorphic encryption and zero-knowledge proofs
  • Advanced malware analysis and reverse engineering
  • Security architecture patterns for distributed systems
  • Cloud native security (ALIBABA CLOUD, AWS, Azure, GCP)
  • Security metrics and KPI development
  • Vendor security assessment frameworks

Perks & Benefits

  • Competitive total compensation package
  • L&D programs and Education subsidy for employees' growth and development
  • Various team building programs and company events
  • Wellness and meal allowances
  • Comprehensive healthcare schemes for employees and dependants
  • More that we love to tell you along the process!

OKX Statement

The base salary range for this position is $330,000 to $616,000. The salary offered depends on a variety of factors, including job-related knowledge, skills, experience, and market location. In addition to the salary, a performance bonus and long-term incentives may be provided as part of the compensation package, as well as a full range of medical, financial, and/or other benefits, dependent on the position offered. Applicants should apply via OKX internal or external careers site.

OKX is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, and non-job related physical or mental disability, or protected veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider employment-qualified applicants with arrest and conviction records.

 #LI-HYBRID

#LI-ED1
Apply now Apply later
Job stats:  6  0  0

Tags: APIs Application security Automation AWS Azure Banking Blockchain CISM CISSP Cloud Compliance Computer Science Crypto DAST DDoS Encryption GCP Governance IAM IAST Incident response ISO 27001 KPIs Kubernetes Malware Microservices Monitoring Network security Reverse engineering SAST SDLC Security assessment Security strategy SOAR SOC 2 SSDLC Strategy

Perks/benefits: Career development Competitive pay Health care Team events Wellness

Region: North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.