Responsibilities
- Analyze and assess security and compliance gaps identified by internal and external audits.
- Develop and execute remediation plans for audit findings.
- Create and maintain solutions that uphold continuous compliance with industry security standards and regulations (ISO 27001, SOC 1/2, NIST, CIS benchmarks, SOX, etc.).
- Conduct IT security and architecture governance to ensure systems and processes comply with relevant standards.
- Support tech governance and compliance initiatives, including those related to IPO readiness if applicable.
- Implement and maintain Business Continuity Management (BCM) and Business Continuity Planning (BCP) processes, including conducting Business Impact Analysis.
- Track remediation progress and regularly report to management on governance work effectiveness.
- Develop and refine IT governance-related policies and procedures (P&P), providing implementation guidance.
- Manage third-party security assessments and due diligence requests from regulatory agencies and auditors.
- Develop procedures to respond to security and compliance queries from third-party providers, partners, and internal stakeholders.
- Identify and implement tooling to automate processes and workflows that scale security goals and increase efficiency.
- Lead cross-functional security efforts in the APAC region, working with Legal, Compliance, Engineering, HR, and Finance.
- Continuously monitor and evaluate the company's security compliance status, proposing improvements.
- Stay up to date on industry trends and best practices to drive continuous improvement of security compliance capabilities.
Minimum Requirements
- At least 8 years of relevant work experience, including IT audit, risk management, compliance, and security governance, and 3 years of experience in IT process governance and technology governance projects within large internet enterprises, blockchain companies, or fintech startups.
- In-depth understanding of various audit standards such as ISO 27001, COBIT, SOC 2, SOC 1, PCI DSS, NIST, and SOX.
- Familiarity with relevant laws, industry-specific norms, and data protection regulations (e.g., GDPR).
- Experience with tech governance and compliance, particularly in fintech or cryptocurrency companies (e.g., Coinbase, Kraken, Robinhood).
- Knowledge of Business Continuity Management (BCM), Business Continuity Planning (BCP), and Business Impact Analysis methodologies.
- Knowledge of cyber security, cloud security, coding, and related processes (change management, incident response, tracing, computer forensics, etc.).
- Experience leading cross-functional efforts with operational and technical teams.
Preferred Requirements
- One or more of the following certifications: CISA, CISSP, CRISC, CISM, or equivalent qualifications.
- Knowledge of Alibaba Cloud, AWS, GCP, and their related services (e.g., SLS/DMS).
- Familiarity with risks and compliance challenges brought by emerging technologies (such as AI, blockchain).
- Experience in successfully participating in large-scale security compliance remediation projects.
- Proficiency in speaking, reading, and writing both English and Mandarin to collaborate effectively with global and cross-functional team members.
- Prior experience with GRC tooling and/or implementation.
- Past experience working with crypto platforms or fintech companies.
- Experience with IPO readiness and related compliance requirements.