Industry not specified

Senior Technology and Security Risk Manager

at OKX

Tech LeadNo visa sponsorshipCybersecurity

Posted 20 hours ago

No clicks

Compensation: Not specified
City: Hong Kong
Country: China

Join OKX's Second Line of Defence as a Technology and Security Risk Manager. You will refine and scale the technology and security risk oversight program, provide independent challenge to the first line, and help shape the 2LOD Security & Data Risk programs. You’ll oversee 2LOD coverage of tech defects, incidents, RCSA, KRIs and reporting, and collaborate with Engineering, Product, Risk, Compliance and Internal Audit to drive risk-aware decision making. The role requires a strong grasp of technology risk (including resilience, change management, SDLC/CI‑CD, QA) and cybersecurity, with a bias for continuous improvement.

Who We Are

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.

OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.

Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.

OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.

About the Opportunity

We are seeking a highly motivated Technology and Security Risk Manager within the Second Line of Defence (2LOD). You will be responsible for continuously refining and scaling the Technology and Security oversight program, guiding first-line of defence (1LOD) execution, and providing independent risk challenge.

You will be a key member of OKX's Risk team, helping to shape and scale the firm’s 2LOD Security & Data Risk programs. You’ll work closely with stakeholders including Engineering, Product, Risk, Compliance and Internal Audit.

You will play a key role in developing and implementing a comprehensive Technology and Security Risk Management program. This includes 2LOD oversight of technology defects, issues, and incidents, Risk and Control Self-Assessments (RCSA), key risk indicators (KRIs) and reporting.

The ideal candidate has a strong understanding of Technology Risk (including Technology Resilience, Change Management, SDLC, CI/CD pipeline, and software quality assurance) and Cybersecurity (covering internal and external threat vectors, control weaknesses, and organisational cyber hygiene). We are looking for a candidate with a strong drive for improvement and career growth.

What You’ll Be Doing

Collaborate with internal stakeholders across the company to proactively identify, escalate, assess, and mitigate Technology and Security risks, ensuring adherence to the Technology Risk Policy.
Providing oversight of Technology and Security Risk incidents and issues, and partnering with 1LOD stakeholders to enhance related processes and ensure effective oversight
Lead the Technology Risk and Control Self-Assessment (RCSA) process from a 2LOD perspective, ensuring adherence to the ERM RCSA methodology, and providing effective challenge and oversight of 1LOD Security risks and controls.
Support the Security Key Risk Indicators (KRIs) definition, monitoring, and reporting.
Supporting the implementation and ongoing enhancement of Governance, Risk, and Compliance (GRC) systems to enable effective risk oversight
Advocate and support the implementation of Risk Management frameworks for technology stakeholders, serving as a trusted advisor for the first line.
Stay up to date on emerging trends and regulations in the digital asset space, proactively identifying and addressing new risk considerations.

What We Look For In You

Bachelor’s degree in Information Technology, Computer Science, or a related field
Minimum 8+ years of experience in Cyber Risk or Information Security; experience in fintech, crypto, blockchain, or cloud-native environments is preferred
Strong understanding of core cybersecurity domains and tools
Solid knowledge of cybersecurity and data risk frameworks and standards, including NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and data privacy and protection regulations (e.g., GDPR, PDPA)
Proven track record in project and stakeholder management, including independently conducting risk-control assessments, control testing, incident/issue management, and driving remediation efforts
Experience working with Governance, Risk, and Compliance (GRC) platforms in a global or complex organizational setting
Excellent communication and presentation skills, with the ability to convey technical and risk concepts clearly to a range of audiences
Strong interpersonal skills and the ability to collaborate effectively across functions and geographies
Comfortable working in a dynamic, fast-paced environment, with a proactive mindset for piloting initiatives and refining them over time
Relevant certifications such as CISSP, CEH, CISA, CISM, or other recognized cybersecurity qualifications

Perks & Benefits

Competitive total compensation package
L&D programs and Education subsidy for employees' growth and development
Various team building programs and company events
Wellness and meal allowances
Comprehensive healthcare schemes for employees and dependants
More that we love to tell you along the process!

Disclaimer: Please note that Hong Kong is a group-level service hub, and OKX does not carry on a business of operating a virtual asset trading platform in Hong Kong.

#LI-CZ1

#LI-ONSITE

Notice:

All official OKX vacancies are published on this website. While roles may appear on selected third-party platforms from time to time, information on other sites may be inaccurate or outdated. If in doubt, please apply directly through our official careers website.

Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to OKX's Candidate Privacy Notice.

Who We Are

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.

OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.

About the Opportunity

What You’ll Be Doing

Collaborate with internal stakeholders across the company to proactively identify, escalate, assess, and mitigate Technology and Security risks, ensuring adherence to the Technology Risk Policy.
Providing oversight of Technology and Security Risk incidents and issues, and partnering with 1LOD stakeholders to enhance related processes and ensure effective oversight
Lead the Technology Risk and Control Self-Assessment (RCSA) process from a 2LOD perspective, ensuring adherence to the ERM RCSA methodology, and providing effective challenge and oversight of 1LOD Security risks and controls.
Support the Security Key Risk Indicators (KRIs) definition, monitoring, and reporting.
Supporting the implementation and ongoing enhancement of Governance, Risk, and Compliance (GRC) systems to enable effective risk oversight
Advocate and support the implementation of Risk Management frameworks for technology stakeholders, serving as a trusted advisor for the first line.
Stay up to date on emerging trends and regulations in the digital asset space, proactively identifying and addressing new risk considerations.

What We Look For In You

Bachelor’s degree in Information Technology, Computer Science, or a related field
Minimum 8+ years of experience in Cyber Risk or Information Security; experience in fintech, crypto, blockchain, or cloud-native environments is preferred
Strong understanding of core cybersecurity domains and tools
Solid knowledge of cybersecurity and data risk frameworks and standards, including NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and data privacy and protection regulations (e.g., GDPR, PDPA)
Proven track record in project and stakeholder management, including independently conducting risk-control assessments, control testing, incident/issue management, and driving remediation efforts
Experience working with Governance, Risk, and Compliance (GRC) platforms in a global or complex organizational setting
Excellent communication and presentation skills, with the ability to convey technical and risk concepts clearly to a range of audiences
Strong interpersonal skills and the ability to collaborate effectively across functions and geographies
Comfortable working in a dynamic, fast-paced environment, with a proactive mindset for piloting initiatives and refining them over time
Relevant certifications such as CISSP, CEH, CISA, CISM, or other recognized cybersecurity qualifications

Perks & Benefits

Competitive total compensation package

L&D programs and Education subsidy for employees' growth and development

Various team building programs and company events

Wellness and meal allowances

Comprehensive healthcare schemes for employees and dependants

More that we love to tell you along the process!

Disclaimer: Please note that Hong Kong is a group-level service hub, and OKX does not carry on a business of operating a virtual asset trading platform in Hong Kong.

#LI-CZ1

#LI-ONSITE