About the job
SummaryBy Outscal
Seeking a Senior IT Operational Risk Manager with 8+ years experience in technology risk management, proven experience in project and stakeholder management, strong understanding of IT systems, networks, and security controls, and knowledge of risk assessment methodologies.
OKX will be prioritising applicants who have a current right to work in Singapore, and do not require OKX's sponsorship of a visa.
Who We Are
At OKX, we believe that the future will be reshaped by Crypto, ultimately contributing to every individual's freedom. OKX began as a crypto exchange giving millions of people access to crypto trading and over time becoming among the largest platforms in the world. In recent years, we have developed one of the most connected Web3 wallets used by millions to access decentralized crypto applications (dApps). OKX is a trusted brand by hundreds of large institutions seeking access to crypto markets on a reliable platform that seamlessly connects with global banking and payments. In the last year, OKX has expanded into new markets including Australia, Brazil, Netherlands, Singapore and Turkey, with plans to launch in the US, Belgium and the UAE.
We are deeply committed to shaping a fairer, more transparent and accessible society through blockchain technology. This is why we publish proof of reserves monthly, and continue to ship new innovative security features.
About the Opportunity
We are seeking a highly motivated Senior IT Operational Risk Manager to join the Operational Risk Management Team to build and scale an effective global risk management program. We’re looking for an experienced risk management professional with IT Operational Risk expertise and experience implementing aspects of a comprehensive ORM program. You will join OKX's broader Enterprise Risk team and partner with colleagues across Compliance, Legal, Security, Risk, Internal Audit, Product and Engineering. You will play a pivotal role in developing and implementing a comprehensive risk management program, focusing on technology/engineering risk assessments, control assurance, incident/issue management, continuity/disaster recovery, and process deep dives. You will report to the OKX Group Head of Operational Risk.
What You’ll Be Doing
-
Collaborate with internal stakeholders across the company to proactively identify, escalate, assess, and mitigate technology operational risks associated with new technologies and infrastructure changes.
-
Lead deep dives with the goal of documenting processes, risks, existing controls and identifying control enhancement opportunities; review and socialize with stakeholders as appropriate.
-
Champion the Incident and Issue Management program, including the design of Action Plans to drive control enhancements and ensure risk exposures are being tracked, monitored and remediated.
-
Partner with stakeholders to investigate, report, and manage incidents in order to understand root cause and drive control enhancements.
-
Analyzing new projects and features within the SDLC to identify potential operational risks related to system design, coding, testing, deployment, and maintenance.
-
Perform control assurance related activities, including testing of design and operating effectiveness, implementation support, review and challenge of evaluation results, and communication of results with management.
-
Advocate and support the implementation of Risk Management frameworks for technology stakeholders, serving as a trusted advisor for the first line.
-
Stay up to date on emerging trends and regulations in the digital asset space, proactively identifying and addressing new risk considerations.
What We Look For In You
-
Bachelor's degree in Information Technology, Computer Science, or a related discipline.
-
Minimum 8+ years of experience in technology risk management, preference for those in Operational Risk roles within financial services, digital assets, or technology/engineering.
-
Proven experience in project and stakeholder management, independently conducting technology risk-control assessments, control testing activities, managing incidents, issues, and driving remediation efforts.
-
Strong understanding of IT systems, networks, and security controls.
-
Knowledge of risk assessment methodologies and frameworks (e.g., COSO, NIST, ISO)
-
Excellent communication and presentation skills, with the ability to tailor reporting to different audiences.
-
Demonstrated ability to collaborate effectively with all levels of a global organization.
-
Comfortable in a dynamic, fast paced and ever-changing landscape; adept at handling pilot initiatives and refining over time.
-
Certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP) are a plus.
-
Experience working in / knowledge of the digital asset space (cryptocurrency, blockchain) is a plus.
-
Experience with GRC systems on a global scale is a plus.
- Fluent in both English and Mandarin, additionally Cantonese is a plus.
Perks & Benefits
-
Competitive total compensation package
-
L&D programs and Education subsidy for employees' growth and development
-
Various team building programs and company events
-
More that we love to tell you along the process!
#LI-CZ1