OKX - CISO Office - Security Compliance & Governance Engineer
Requirements
• Self-directed driver — You run cross-functional workstreams without being managed. Ambiguity is a starting point, not a blocker.
• AI-native operator — You already use AI to do more, faster — and you raise the floor for the teams around you.
• Clear communicator — You earn trust across regulators, auditors, and C-suite through precision and consistency — in any room.
Culture Fit
• Startup velocity — Decisions move fast. Priorities shift. You ship, iterate, and adapt — without waiting for perfect conditions or top-down direction.
• Financial institution rigour — Audit trails matter. Regulators scrutinise. The bar for accuracy, documentation, and accountability is institutional-grade — always.
> The tension between these two is not a bug — it is the job. We are looking for someone who holds both without compromise.
• Active daily use of AI tools to accelerate compliance and governance work — demonstrated practice with measurable output impact, not theoretical awareness.
• Ability to identify, build, and scale AI-assisted workflows within a CISO office context — evidence automation, policy generation, audit response, or control monitoring.
• Working knowledge of AI governance and risk — sufficient to contribute to internal AI oversight frameworks and assess AI-related compliance obligations.
Independent Cross-Functional Leadership — Must Have
• Demonstrated ability to own and drive complex, multi-stakeholder workstreams independently — setting direction, coordinating accountability, and delivering outcomes without management escalation.
• Track record of influencing without authority across engineering, legal, finance, and operations in a fast-moving environment.
• Comfortable operating under ambiguity and shifting priorities while maintaining institutional-grade standards for accuracy and documentation.
• 8+ years in IT audit, risk management, compliance, or security governance
• 3+ years leading governance programmes at a large-scale internet, financial services, or crypto firm
• Exposure to IPO-readiness or high-scrutiny regulatory examination programmes preferred
Frameworks & Standards
• ISO 27001, SOC 1/2, PCI-DSS, COBIT, NIST — deep working knowledge
• GDPR and APAC data protection regimes
• Crypto and blockchain-specific compliance risk awareness a strong asset
Engineering Sensibility
• Able to read and interpret code, architecture diagrams, and technical design documents without engineer-translation dependency
• Familiarity with cloud environments (Alibaba Cloud, AWS, GCP) and associated security tooling
Communication
• Executive-level written and verbal communication in English — board-ready governance briefs, regulator responses, and CISO-level reporting produced independently
• Proficiency in Mandarin (written and verbal) is a strong advantage for APAC regulatory and stakeholder engagement
• Professional security or governance certification: CISA · CISSP · CRISC · CISM · CCISO · Agentic AI
• Experience building AI-powered compliance tooling — audit automation, continuous control monitoring, or policy-to-control mapping
• Prior involvement in SOX ITGC, SEC Reg S-K Item 106, or equivalent listing-authority tech governance programmes
• Crypto-native compliance exposure — Proof of Reserves, SAB 121, Travel Rule, AML/CFT programme governance
• Active regulatory footprint across MAS, VARA, FCA, HKMA/SFC, or equivalent
Responsibilities
• Independently lead audit remediation programmes — assess gaps, develop structured plans, and drive verified closure across engineering, product, legal, and operations without escalation dependency.
• Own cross-functional governance workstreams — set milestones, coordinate accountability, and remove blockers across departments with limited management oversight.
• Conduct IT security and architecture governance reviews — assess whether systems and processes meet applicable standards, and issue findings with clear ownership and remediation timelines.
• Build and maintain the policy estate — draft, refine, and operationalise IT governance policies and procedures; translate regulatory requirements into implementation-ready guidance for first-line teams.
• Lead regulator and auditor engagement — serve as the primary coordination interface for external audit and regulatory correspondence, representing the CISO Office with credibility and precision.
• Deploy AI to accelerate compliance operations — prototype and scale AI-assisted workflows for evidence collection, control monitoring, audit response, and policy generation; drive team-wide adoption.
• Deliver CISO-level reporting — produce governance dashboards and executive briefs on remediation status, risk exposure, and regulatory posture, independently and to publication standard.
• Track the regulatory horizon — monitor evolving requirements across active jurisdictions, translate changes into prioritised internal action, and brief senior leadership proactively.
Benefits
• OKX operates across 50+ jurisdictions with live regulatory programmes spanning MAS, VARA, FCA, HKMA/SFC, and a US presence targeting NYSE listing by 2027. The CISO Office is building infrastructure-grade compliance capability — not checkbox compliance. This is a rare opportunity to shape how that work gets done: independently, at pace, and with AI at the centre of the method.
• L&D programmes and education subsidy for employees' growth and development
• Various team-building programmes and company events
• Wellness and meal allowances
• Comprehensive healthcare schemes for employees and dependants
• More that we love to tell you along the process!
OKX Statement: