• 5+ years of relevant experience in managing ISO 27001:2022, SOC 2 audits, and compliance programs within a global organizational setting
• Demonstrate extensive knowledge and hands-on experience with cybersecurity frameworks, such as ISO 27001, PCI-DSS, SOC 2, and other relevant regulatory requirements
• Exhibit excellent communication skills and logical reasoning abilities
• Maintain a composed demeanor, showcasing a robust commitment to continuous learning and a collaborative, team-oriented mindset
• Display self-driven and results-oriented attributes, enjoy challenging tasks, demonstrate a genuine enthusiasm for work, and work well under pressure
• Relevant experience in Technology Audit, Risk Management, CyberSecurity Compliance or Engineering preferably within the technology sector (Social Media, eCommerce, Fintech etc.) and/or Big4 consulting
• Portfolio Management: Demonstrated experience managing a portfolio of audits, with concurrent oversight and execution of multiple projects
• Integrated Audits: Experience managing integrated audits that address a combination of financial/operational and technology objectives
• Industry experience: Proven ability to work in a fast-paced environment with a product centric culture. Experience of working at a startup company or tech/fintech company is a plus
• Professional interests: Passion for emerging technologies, products and standards. Strong critical thinking skills combined with the ability to provide a credible technical challenge to the business
• Analytical skills: Proven analytical ability to assess complex technology environments against risk assessment outcomes, industry best practices, internal standards and external regulatory requirements
• Communication skills: Ability to write at a publication quality level in order to communicate findings and recommendations to the senior management team
• Global Experience: Experience working in a global organization and managing projects across different time zones (America and EMEA)

Desirable

• Stay abreast of the latest developments in laws, regulations, policies, and information security standards related to Network Security, Data Security, and Data Protection
• Ensure timely updates and maintenance of the internal information security management system
• Apply for information security certifications such as ISO 27001, SOC, and PCI for our products
• Advocate for and oversee the implementation of security compliance and privacy protection requirements
• Promptly address and rectify any non-compliant items
• Validate and verify that the organization's security controls meet industry requirements
• Conduct thorough examinations of processes, systems, policies, procedures, network diagrams, and system configurations
• Monitor business activities through collaborating with cross-functional team leaders to guarantee ongoing compliance with external certifications
• Technology Audit Delivery: Lead planning and execution of operational audit programs and complex technology control assessments: Information Security, Infrastructure, Emerging Technologies (AI/ML, FinTech). Leverage data analytics to detect risk signals and unearth insights. Communicate issues and recommendations to management
• Integrated Audit Delivery: Lead planning and execution of integrated audits supporting operations and technology for business functions and productions (Trust & Safety, Monetization, FinTech etc.)
• Technology Risk Assessment: Assist in analysis and identification of emerging technology risks for OKX. Develop and maintain subject matter expertise in one or more technology domains
• Stakeholder Relationships: Develop and maintain collaborative working relationships with management, understand the business to provide value-added services, and establish credibility as a management consultant and internal controls resource. Partner with engineering and product teams to advise on design and implementation of technology solutions
• Professional Development: Continually expand knowledge of the audit profession, industry, and company products through self-study, research, and continuing education efforts. Develop innovative methodologies for auditing new technologies and services
• Quality Assurance: Ensure the overall quality and consistency of audit work, adhering to department and professional standards. Continuously seek opportunities for audit process improvement