Governance, Risk and Compliance Lead

Focused on developing products and services for the digital assets sector, Bullish has rewired the traditional exchange to benefit asset holders, enable traders and increase market integrity. Supported by the group’s treasury, Bullish’s new breed of exchange combines deep liquidity, automated market making and industry-leading security and compliance to increase the accessibility of digital assets for investors. Bullish exchange is operated by Bullish (GI) Limited and is fully regulated in Gibraltar.

Mission: To make trading with digital assets more rewarding and secure.​

Vision: To be the most innovative, respected, and trusted leader in crypto.

Reports to:

We are seeking an experienced and dynamic Governance, Risk, and Compliance (GRC) leader to spearhead our organization's commitment to upholding the highest standards of regulatory compliance, policy management, and risk assessment. This role requires a seasoned professional who can navigate complex regulatory landscapes and ensure our operations adhere to all applicable laws and standards. The ideal candidate will possess a robust background in regulatory compliance, policy drafting, and risk management, demonstrating a proven track record of developing and implementing effective strategies that can help us safeguard our organization while driving business objectives forward.

As the GRC lead, you will play a critical role in shaping the strategic direction of our cyber security program. You will be responsible for overseeing the development and maintenance of comprehensive policies and procedures that not only meet regulatory requirements but also promote operational excellence and efficiency.

In this role, you will collaborate with cross-functional teams to foster a culture of compliance and risk awareness, providing training and guidance to employees at all levels. Your ability to communicate complex regulatory and risk concepts in a clear and actionable manner will be essential in gaining buy-in from stakeholders and driving organizational change.

This position reports to the Group CISO and will be based in Hong Kong.

Role & Responsibilities

• Lead the GRC function, providing strategic direction and oversight to ensure alignment with organizational objectives and regulatory requirements.

• Develop and implement a comprehensive GRC framework to identify, assess, and mitigate risks.

• Monitor and interpret regulatory changes to ensure the organization remains compliant with all applicable laws and regulations.

• Oversee the drafting, review, and implementation of organizational policies and procedures.

• Ensure policies are regularly updated and communicated effectively across the organization.

• Conduct vendor due diligence as well well as regular risk assessments to identify potential compliance and operational risks.

• Provide training and guidance to staff on cyber security best practices.

• Foster a culture of compliance and risk awareness throughout the organization.

Qualifications

• 5+ years of verifiable experience in GRC, audit or similar roles.

• Good knowledge of regulatory compliance requirements and risk management practices.

• Good understanding of industry frameworks such as NIST CSF, SOC2, ISO27k

• Proven experience in policy drafting and management.

• Excellent analytical, problem-solving, and decision-making skills.

• Strong stakeholder management skills.

• Exceptional communication and interpersonal skills.

• Excellent verbal and written presentation skills with a proficiency in English.

Bullish is proud to be an equal opportunity employer. We are fast evolving and striving towards being a globally-diverse community. With integrity at our core, our success is driven by a talented team of individuals and the different perspectives they are encouraged to bring to work every day.