Security Governance Specialist
OKX
Who We Are
At OKX, we believe that the future will be reshaped by crypto, which will ultimately contribute to every individual's freedom.
OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a brand trusted by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.
Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.
OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.
Role Overview
Roles and Responsibilities:
- Develop and maintain IT governance-related policies and procedures, ensuring alignment with industry standards and regulatory requirements.
- Monitor and evaluate the organization’s security compliance status, proposing actionable improvements.
- Collaborate with business units, engineering teams, risk, compliance, and other stakeholders to implement governance measures and enable secure technical processes.
- Conduct security maturity self-assessments and risk assessments to identify gaps and drive remediation efforts.
- Ensure compliance with regulatory requirements across jurisdictions through gap analyses and advisory support.
- Create dashboards and reports for leadership on governance effectiveness, security metrics, and key updates.
- Stay informed on industry trends to refine governance strategies and enhance security maturity.
- Drive continuous improvement in governance processes by collaborating with cross-functional teams.
Key Qualifications
- Bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field
- 7+ years of relevant experience in cybersecurity, tech risk management, compliance, and security governance.
- Strong knowledge of regulatory frameworks and standards such as ISO 27001, NIST CSF, PCI-DSS, SOC1/2, and CCSS.
- Familiarity with data protection laws and regulations (e.g., GDPR) and compliance challenges posed by emerging technologies.
- Proven ability to manage large-scale security control implementation or compliance remediation projects, and track progress effectively.
- Excellent project management skills for handling multiple complex remediation plans simultaneously.
- One or more certifications such as CISSP, CISA, CISM, CRISC, or CCSS are highly desirable.
- Knowledge of cloud platforms like Alibaba Cloud, AWS, and GCP, including their security-related services.
- Adaptability to work in rapidly evolving technological and regulatory environments.
- Fluent in both Chinese and English with excellent oral and written communication skills.
- Outstanding communication skills for engaging with auditors, regulators, and cross-functional teams across all organizational levels.
Perks & Benefits
- Competitive total compensation package.
- L&D programs and education subsidy for employees' growth and development.
- Various team building programs and company events.
- Wellness and meal allowances.
- Comprehensive healthcare schemes for employees and dependants.
- More that we would love to tell you along the process!