Risk Manager, Technology & Resilience Risk

OKX

5-8 Years | Hong Kong (On Site) | Full Time | 3 months ago

Apply Now

Job Summary

OKX is seeking a Technology & Resilience Risk Manager to join their Operational Risk Management team in the Second Line of Defence. The role involves refining and scaling the Technology and Operational Resilience program, guiding first-line execution, and providing independent risk challenge. The manager will be a key member of the Risk team, shaping technology risk management and operational resilience programs. Responsibilities include managing technology incidents and issues, overseeing resilience programs, conducting risk and control self-assessments, supporting key risk indicators and reporting, and enhancing GRC systems. The ideal candidate should be process-minded, understand cloud technologies, and have knowledge of blockchain. The role reports to the Senior Risk Manager of Technology Risk.

Must Have

Fluent in Mandarin Chinese
Bachelor's in IT, Computer Science, or related field
5-8 years experience in Technology Risk/Resilience/BCM
Strong understanding of Technology Resilience, SDLC, CI/CD, BCM, DR
Knowledge of NIST, ISO 22301, ISO 27001 frameworks
Experience with GRC systems
Excellent communication skills
Ability to collaborate across global organization
Comfortable in a dynamic, fast-paced environment

Good to Have

Experience in fintech, crypto, blockchain, or cloud-native companies
Relevant certifications (CISA, CISM, CISSP, CBCP, ISO 22301)

Perks & Benefits

Competitive total compensation package
L&D programs and education subsidy
Team building programs and company events
Wellness and meal allowances
Comprehensive healthcare schemes

Job Description

Who We Are

At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom.

OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves.

Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er.

OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more.

About the Opportunity

We are seeking a highly motivated Technology & Resilience Risk Manager to join our Technology Risk function within the Operational Risk Management (ORM) team in the Second Line of Defence (2LOD). You will be responsible for continuously refining and scaling the Technology and Operational Resilience program, guiding first-line of defence (1LOD) execution, and providing independent risk challenge.

You will be a key member of OKX's Risk team, helping to shape and scale the firm’s Technology Risk Management and Operational Resilience programs. You’ll work closely with stakeholders across Engineering, Product, Risk, Compliance, Internal Audit, Legal, Finance, and HR.

You will play a pivotal role in developing and implementing a comprehensive risk management program, focusing on technology incident and issue management, Technology and Operational Resilience (including BCM), Risk and Control Self Assessment (RCSA), Technology Key Risk Indicators (KRI) & Reporting, and Governance, Risk and Control (GRC) system enhancements.

The ideal candidate is a process-minded thinker with a strong drive for improvement and career growth. You should possess an understanding of cloud technologies, and knowledge of blockchain will be highly advantageous. You will report to the Senior Risk Manager of Technology Risk.

What You’ll Be Doing

Collaborate with internal stakeholders across the company to proactively identify, escalate, assess, and mitigate technology risks, ensuring adherence to the Technology, Security and Data Risk Policy.
Providing oversight of Technology Incidents and Issues, and partnering with 1LOD stakeholders to enhance related processes and ensure effective oversight
Refining and scaling the 2LOD Technology and Operational Resilience program, including providing practical templates to enable 1LOD teams to assess and manage their resilience and continuity capabilities.
Overseeing risk oversight of Technology Architecture & Asset Management and Technology Delivery domains.
Leading the Technology Risk and Control Self-Assessment (RCSA) process from a 2LOD perspective, ensuring adherence to the ERM RCSA methodology, and providing effective challenge and oversight of 1LOD Technology risks and controls.
Supporting the Technology Key Risk Indicators (KRIs) definition, monitoring, and reporting.
Supporting the implementation and ongoing enhancement of Governance, Risk, and Compliance (GRC) systems to enable effective risk oversight
Advocate and support the implementation of Risk Management frameworks for technology stakeholders, serving as a trusted advisor for the first line.
Stay up to date on emerging trends and regulations in the digital asset space, proactively identifying and addressing new risk considerations.

What We Look For In You

Fluent in Mandarin Chinese, with the ability to communicate technical concepts clearly in both written and verbal forms
Bachelor’s degree in Information Technology, Computer Science, or a related field
Minimum 5 to 8 years of experience or more in Technology Risk, Operational Resilience or BCM management; experience within fintech, crypto, blockchain, and/or cloud-native companies is preferred.
Proven track record in project and stakeholder management, independently conducting technology risk-control assessments, control testing, incident and issue management, and driving remediation efforts
Strong understanding of Technology Resilience, Technology Delivery (SDLC and CI/CD), Business Continuity Management and Disaster Recovery.
Knowledge of industry best practices and frameworks for technology risk and BCM (e.g., NIST, ISO 22301, ISO 27001)
Experience working with Governance, Risk, and Compliance (GRC) systems in a global environment
Excellent communication and presentation skills, with the ability to tailor reports for diverse audiences
Demonstrated ability to collaborate effectively across all levels of a global organization
Comfortable working in a dynamic, fast-paced, and evolving environment, with a proactive approach to pilot initiatives and continuous improvement
Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Business Continuity Professional (CBCP), or ISO 22301 Lead Implementer are a strong plus

Perks & Benefits

Competitive total compensation package
L&D programs and Education subsidy for employees' growth and development
Various team building programs and company events
Wellness and meal allowances
Comprehensive healthcare schemes for employees and dependants
More that we love to tell you along the process!

#LI-CZ1

#LI-ONSITE

6 Skills Required For This Role

Communication Risk Management Internal Audit Software Development Lifecycle Sdlc Html Ci Cd

Similar Jobs

Risk Manager, Technology & Resilience Risk

Job Summary

Must Have

Good to Have

Perks & Benefits

Job Description

Who We Are

About the Opportunity

What You’ll Be Doing

What We Look For In You

Perks & Benefits

6 Skills Required For This Role

Similar Jobs

Risk Management

Finance & Legal