Head of Audit (Infrastructure & Developer Operations)

1 Month ago • All levels • Auditing

Job Summary

Job Description

OKX is seeking a Head of Audit for Infrastructure & Developer Operations to lead the assessment and assurance of its critical infrastructure and DevOps practices within a leading crypto organization. The role involves building and leading a global audit team, driving strategic assurance initiatives, and assessing the organization's codebase, build, test, release processes, and technical infrastructure. Responsibilities include managing the audit team, executing global audit programs for infrastructure, cloud platforms, operating systems, networking, virtualization, containerization, storage systems, DevOps practices, and CI/CD pipelines. The position also entails validating IT incidents, supporting IT certifications, and providing strategic insights on emerging risks to senior leadership and the Audit Committee.
Must have:
  • Prior Crypto Exchange/Crypto Product Experience is Essential.
  • Strong Critical Thinking and Problem-Solving Skills.
  • Fundamental Understanding of Blockchain Technology.
  • Data Analytics/SQL for Infrastructure & DevOps Auditing.
  • Infrastructure Auditing Expertise.
  • Cloud Computing Platform Auditing Expertise.
  • Operating System Auditing Expertise.
  • Networking Auditing Expertise.
  • Virtualization & Containerization Auditing Expertise.
  • Storage System Auditing Expertise.
  • DevOps Auditing Deep Understanding.
  • Secure CI/CD Auditing Expertise.
  • Automation and Scripting Auditing.
  • Cloud Deployment & Management Auditing.
  • Agile Development Methodologies Auditing.
  • Code Review & Secure Coding Practices Familiarity.
  • Risk Management Principles for Infrastructure & DevOps Auditing.
  • Knowledge of Specific Regulatory Requirements impacting Infrastructure & DevOps.
Perks:
  • Competitive total compensation package
  • L&D programs and education subsidy for employees' growth and development
  • Various team building programs and company events
  • Wellness and meal allowances
  • Comprehensive healthcare schemes for employees and dependants

Job Details

OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa.

Who We Are

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.
 
OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.
 
Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.
 
OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.
 

About the Opportunity

OKX is undertaking a significant global team buildout within its Internal Audit function, and we are looking for an experienced and visionary Head of Infrastructure & Developer Operations Audit. This is a unique opportunity to lead the assessment and assurance of our critical infrastructure and DevOps practices within a leading crypto organization, ensuring the highest levels of resilience, scalability, and security for our global operations. You will build and lead a high-performing audit team, drive strategic assurance initiatives, and directly impact the robust and efficient delivery of innovative crypto products and infrastructure by thoroughly assessing the organization's codebase, build, test, and release processes, as well as technical infrastructure maintenance and management.

What You’ll Be Doing 

  • Lead and manage a global Infrastructure & Developer Operations audit team, including hiring and developing individuals across key regions.
  • Drive the execution of global audit programs, specifically assessing the design and operating effectiveness of controls over infrastructure, cloud computing platforms, operating systems, networking, virtualization, containerization, storage systems, DevOps practices, and Secure CI/CD pipelines. This includes a deep dive into the codebase, build, test, and release processes.
  • Oversee the independent validation of IT incidents related to infrastructure and development operations, and provide critical audit support for group-wide IT certifications.
  • Collaborate effectively with other functional and regional Internal Audit portfolio leads to provide expert infrastructure and DevOps controls testing and assurance for integrated audits.
  • Develop and implement advanced audit methodologies tailored to the unique complexities of high-performance, distributed crypto systems, emphasizing the assessment of automated and secure deployments, and ongoing maintenance and management processes.
  • Provide strategic audit insights and independent assurance on emerging infrastructure and DevOps risks in the cryptocurrency space to senior leadership and the Audit Committee.

What We Look For In You

We are seeking a seasoned IT audit professional with demonstrable experience in independently assessing infrastructure and DevOps practices within the crypto exchange or crypto product space. The ideal candidate will possess a deep understanding of resilient and secure infrastructure principles applied to novel technical and control environments, coupled with strong leadership and analytical skills.
Key Qualifications:
  • Prior Crypto Exchange/Crypto Product Experience is Essential.
  • Strong Critical Thinking and Problem-Solving Skills: Capacity to analyze complex, often novel, technical and control environments unique to crypto, identify intricate root causes of issues, and propose effective, context-specific solutions.
  • Fundamental Understanding of Blockchain Technology: Basic knowledge of distributed ledger technologies, consensus mechanisms (e.g., PoW, PoS), cryptography (hashing, public-key), and the lifecycle of a cryptocurrency transaction.
  • Data Analytics/SQL for Infrastructure & DevOps Auditing: Expert ability to analyze complex data across the entire technology stack, including CI/CD pipeline logs, git commit history, dependency manifests, configuration management logs, system logs, network flow data, infrastructure-as-code configurations, and cloud provider logs, specifically for audit purposes.
  • Infrastructure Auditing: Comprehensive knowledge of IT infrastructure components, with a specialized focus on independently auditing the resilience, scalability, and security of blockchain nodes, low-latency trading systems, and high-availability wallet infrastructure.
  • Cloud Computing Platform Auditing: Expert-level auditing of cloud infrastructure (AWS, Azure, GCP) specifically for mission-critical crypto workloads, including container orchestration (Kubernetes), serverless functions, multi-region deployments, and ensuring geo-redundancy for key assets.
  • Operating System (OS) Auditing (for Blockchain Nodes & Exchange Servers): Deep dive capability to assess the hardening, patching, kernel configurations, and user access controls for operating systems hosting blockchain nodes, trading engines, and critical exchange services.
  • Networking Auditing: Advanced knowledge of networking protocols, DDoS mitigation strategies, and the ability to audit low-latency, high-throughput network architectures essential for competitive crypto exchange operations, including peering arrangements and BGP configurations.
  • Virtualization & Containerization Auditing: Expertise in independently auditing virtualized environments and container orchestration platforms (Docker, Kubernetes) specifically for secure isolation of critical workloads, supply chain security for container images, and resource management to prevent denial-of-service.
  • Storage System Auditing: Ability to independently assess the security, integrity, availability, and immutability of storage systems (SAN, NAS, object storage) for critical blockchain data, cryptographic keys, and sensitive audit logs.
  • DevOps Auditing: Deep understanding of DevOps principles (e.g., build, test, release), automation, and continuous delivery with a focus on independently auditing the security and compliance of rapid, automated deployments in a high-stakes crypto environment (e.g. GitLab, GitHub, etc.)
  • Secure Continuous Integration/Continuous Delivery (CI/CD) Auditing: Expertise in independently auditing CI/CD pipelines for integrated security tools (SAST, DAST, SCA), automated security gates, secure artifact management, and robust deployment controls for smart contracts and exchange software. This includes assessing the codebase, build, test, and release processes.
  • Automation and Scripting Auditing (for Infrastructure as Code & Smart Contracts): Ability to independently assess the security and integrity of automation scripts (e.g., Python, Go, Shell), Infrastructure as Code (IaC) tools (e.g., Terraform, CloudFormation), and configuration management tools (e.g., Ansible) used to manage crypto infrastructure.
  • Cloud Deployment & Management Auditing (Automated & Secure): Expertise in independently auditing automated cloud provisioning, configuration, and management processes, emphasizing security best practices, least privilege, and immutable infrastructure principles for critical crypto components, as well as ongoing maintenance and management.
  • Agile Development Methodologies Auditing: Ability to independently assess the deep integration of security activities and controls within agile development processes, including proactive threat modeling for new features, security champions within development teams, and rigorous peer review for smart contract code.
  • Code Review & Secure Coding Practices: Familiarity with secure coding principles for languages commonly used in blockchain development (e.g. Solidity, Rust, Go, Python) and the ability to independently evaluate the effectiveness of code review processes for identifying operational and security flaws.
  • Risk Management Principles for Infrastructure & DevOps Auditing: Advanced grasp of risk identification, assessment, mitigation, and monitoring methodologies specifically tailored to the high-stakes, real-time, and often irreversible nature of crypto transactions.
  • Knowledge of Specific Regulatory Requirements impacting Infrastructure & DevOps: Understanding of specific regulatory requirements impacting crypto exchanges globally (e.g., anti-money laundering (AML), combating the financing of terrorism (CFT) as per FATF, sanctions compliance, specific licensing requirements for Virtual Asset Service Providers (VASPs)) and how these translate to technical controls relevant to infrastructure and DevOps.

Perks & Benefits 

  • Competitive total compensation package
  • L&D programs and education subsidy for employees' growth and development
  • Various team building programs and company events
  • Wellness and meal allowances
  • Comprehensive healthcare schemes for employees and dependants
  • More that we love to tell you along the process!

Similar Jobs

Loyalty Juggernaut - Mobile Application Developer (Android/iOS)

Loyalty Juggernaut

Hyderabad, Telangana, India (On-Site)
3 Months ago
CyberArk - Principal Product Manager

CyberArk

Israel (Hybrid)
3 Months ago
Next Level Business Services - IBM Tivoli Administrator

Next Level Business Services

Florence, Kentucky, United States (On-Site)
9 Months ago
Zuora - Technical Account Manager

Zuora

Costa Rica (Remote)
2 Months ago
Shield AI - Staff Electrical Engineer

Shield AI

Dallas, Texas, United States (On-Site)
2 Weeks ago
Clearwater Analytics - Sr. Auditor

Clearwater Analytics

Boise, Idaho, United States (On-Site)
3 Weeks ago
Mercury - Senior Internal Auditor

Mercury

San Francisco, California, United States (Remote)
2 Weeks ago
PwC - Manager - Audit and Assurance Services

PwC

Colombo, Western Province, Sri Lanka (On-Site)
10 Months ago
PwC - Senior IT Auditor with German

PwC

Bucharest, Bucharest, Romania (On-Site)
10 Months ago
GoTo Group - Senior IT Auditor

GoTo Group

Jakarta, Jakarta, Indonesia (On-Site)
8 Months ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

GoTo Group - Self-Serve Ads GTM Sr. Associate

GoTo Group

Jakarta, Jakarta, Indonesia (On-Site)
9 Months ago
beghou consulting - Associate Consultant-Customer Engagement

beghou consulting

Pune, Maharashtra, India (Hybrid)
1 Month ago
Capgemini - KINAXIS SPECIALIST

Capgemini

Chennai, Tamil Nadu, India (On-Site)
2 Months ago
Next Level Business Services - Product Development Manager

Next Level Business Services

Bentonville, Arkansas, United States (On-Site)
9 Months ago
Capgemini - Oracle HCM Cloud Fusion Consultant

Capgemini

India (On-Site)
2 Months ago
Anavation - .NET Software Developer

Anavation

Huntsville, Alabama, United States (On-Site)
4 Weeks ago
Kavalirio - Senior Internal Auditor

Kavalirio

Miami, Florida, United States (Hybrid)
1 Month ago
Capgemini - R&S Design Implementation

Capgemini

Bengaluru, Karnataka, India (On-Site)
3 Months ago
Tekion Corp - Software Engineer 2 (Boomi developer)

Tekion Corp

Chennai, Tamil Nadu, India (On-Site)
4 Weeks ago
PwC - Senior Associate - SAP BASIS and Hyperscaler - RDC

PwC

Kolkata, West Bengal, India (On-Site)
10 Months ago

Get notifed when new similar jobs are uploaded

Jobs in Singapore

bytedance - Test Development Engineer - Global Payment

bytedance

Singapore (On-Site)
2 Weeks ago
Saxo Bank - Legal Counsel

Saxo Bank

Singapore (On-Site)
1 Month ago
Riot Games - Senior Manager, Art Direction - Teamfight Tactics

Riot Games

Singapore (On-Site)
11 Months ago
Silicon Labs - Senior Staff Design Engineer

Silicon Labs

Singapore (Hybrid)
2 Weeks ago
Rackspace Technology - Sales Executive - Singapore (Domain - Shipping and Logistics)

Rackspace Technology

Singapore (On-Site)
2 Weeks ago
InMobiInMobi - Director, Client Development

InMobiInMobi

Singapore (On-Site)
1 Month ago
bytedance - Data Analyst - Corporate Information System

bytedance

Singapore (On-Site)
4 Months ago
Razer - Solutions Architect

Razer

Singapore (On-Site)
10 Months ago
hogarth - Cross Functional Intern (Studio A, 6 Months)

hogarth

Singapore (Hybrid)
2 Weeks ago

Get notifed when new similar jobs are uploaded

Auditing Jobs

Assystems - Internal Finance Auditor

Assystems

Gurugram, Haryana, India (On-Site)
9 Months ago
Ruselle Investments - Director, Internal Audit

Ruselle Investments

Seattle, Washington, United States (On-Site)
1 Month ago
Clearwater Analytics - Sr. Auditor

Clearwater Analytics

Boise, Idaho, United States (On-Site)
3 Weeks ago
MRI Software - Senior Internal Audit Specialist

MRI Software

London, England, United Kingdom (Hybrid)
2 Months ago
PwC - Manager - Digital Audit

PwC

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)
10 Months ago
Guardian - Lead Auditor, Investments, Corporate Finance & Risk

Guardian

Bethlehem, Pennsylvania, United States (Hybrid)
3 Months ago
Universal Music Group - Manager, Internal Audit

Universal Music Group

Santa Monica, California, United States (On-Site)
1 Year ago
PwC - External Audit Senior Associate

PwC

Qormi, Malta (On-Site)
10 Months ago
OKX - Head of Professional Practices, Internal Audit

OKX

New York, United States (On-Site)
1 Month ago
Paytm - Process Review - Internal Audit

Paytm

Noida, Uttar Pradesh, India (On-Site)
8 Months ago

Get notifed when new similar jobs are uploaded

About The Company

OKX is a world-leading digital asset exchange, providing advanced financial services to traders worldwide leveraging blockchain technology. Our platform offers spot & derivatives trading helping traders optimize their strategy. It provides a safe, reliable and stable environment for digital assets trading via web interface and mobile app by adopting GSLB, and distributed server clusters. We believe blockchain technology will eliminate barriers to transactions, increase the efficiency of transactions across society, and eventually have a significant impact on the global economy. We strive to achieve something that changes the world and never stop to innovate and improve on our customer experience.

New York, United States (Hybrid)

Austin, Texas, United States (Hybrid)

Sliema, Malta (On-Site)

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)

San Jose, California, United States (On-Site)

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)

Kuala Lumpur, Federal Territory Of Kuala Lumpur, Malaysia (On-Site)

View All Jobs

Get notified when new jobs are added by OKX