Technology Risk Lead

Role Overview

This is a critical role to bootstrap BitMEX's Security Assurance practice, responsible for architecting our Security Policy and Risk Management frameworks with compliance as code as the foundational pillar of our strategy.

The position is highly technical in nature and is expected to operationalise our security common controls framework. As the Security Risk Lead, you will also collaborate with stakeholders on the successful execution of SOC2 Audits and other security initiatives.

This role is for a highly experienced technical security engineer ready to expand beyond technical execution. We're seeking a candidate with a strong blend of technical and business acumen, proven experience influencing decisions on regulatory standards, and excellent communication skills.

Key Responsibilities

• Translate regulatory and compliance requirements into code and actionable technical controls
• Ensure accurate identification, communication, and mitigation of risks, processes, and internal control gaps with potential adverse operational risk implications.
• Operationalise the delivery of several Security metrics.
• Deliver various threat modeling spot checks.
• Perform deep-dive technical risk assessments.
• Security training and outreach to internal tech teams.
• Facilitate the execution of external audits over BitMEX's products and internal controls in accordance with, but not limited to, SOC 2 and ISO 27001.

Qualifications

• 10+ years of security industry experience with  a strong background in software development including  at least 3 years of hands-on experience.
• Demonstrated success in leading technical teams in Cloud first environment with Deep knowledge of Amazon Web Services and general Cloud infrastructure security.
• Expert on GRC processes to consistently automate and supervise information security controls, testing, and risks.
• Knowledge of network security architecture concepts, including topology, protocols, components, and principles.
• Hand on experience with Open Policy Agent, InSpec, or CloudFormation Guard.
• Demonstrated knowledge and expertise in written responses to regulators.
• Proficient in managing  complex global infrastructure as code.

Good to have

• Demonstrated experience researching, building and implementing defensive security systems that are used against internal and external attack vectors.
• Comfortable operating across a wide variety of platforms and technologies.
• Relevant certifications like CISSP, CISA, AWS CCP, CIPP or CIPT are preferred.
• Prior experience of working in Security and Privacy compliance engineering or similar groups at a tech or fintech firm.

Why BitMEX?

BitMEX offers a dynamic environment that blends intense work, a vibrant culture, and diversity. We actively recruit across time zones to meet growing demands and attract top global talent.

We're seeking determined, responsible, and collaborative individuals to join us in building a leading cryptocurrency ecosystem. We value meticulousness, agility, and simplicity. As a 24/7 global exchange, we look for adaptable team players who can excel in a diverse, cross-market environment.

We provide flexible arrangements to our remote contract talents with:

• Work from home to help you find the perfect balance between work, family and personal life
• Paid holidays and leave so you won’t miss out any important events
• Team building & offsite events to bring our global team closer
• Don’t forget the advantage of our Beyond Border Remote Working policy, where you get to work away from your home country
• Option to choose to be paid in fiat or crypto currency, providing the flexibility to shape your financial freedom