Risk Manager, Technology & Resilience Risk

Risk Manager, Technology & Resilience Risk at OKX. OKX believes the future will be reshaped by crypto and contribute to individuals’ freedom. We are a leading crypto exchange and developer of OKX Wallet, serving millions with crypto trading and dApps. OKX is trusted by institutions and backed by our Proof of Reserves.

Across our global offices, we live by our core principles: We Before Me, Do the Right Thing, Get Things Done. OKX is part of OKG, bringing blockchain value to users through our leading products OKX, OKX Wallet, OKLink, and more.

We are seeking a motivated Technology & Resilience Risk Manager to join our Technology Risk function within the Operational Risk Management (ORM) team in the Second Line of Defence (2LOD). You will refine and scale the Technology and Operational Resilience program, guide first-line of defence (1LOD) execution, and provide independent risk challenge.

You will be a key member of OKX's Risk team, helping to shape and scale the firm’s Technology Risk Management and Operational Resilience programs. You’ll collaborate with Engineering, Product, Risk, Compliance, Internal Audit, Legal, Finance, and HR.

You will develop and implement a comprehensive risk management program focusing on technology incident and issue management, Technology and Operational Resilience (including BCM), Risk and Control Self Assessment (RCSA), Technology Key Risk Indicators (KRI) & Reporting, and Governance, Risk and Control (GRC) system enhancements. The ideal candidate is process-minded with a drive for improvement and growth; familiarity with cloud technologies and blockchain is advantageous. You will report to the Senior Risk Manager of Technology Risk.

• Collaborate with internal stakeholders to proactively identify, escalate, assess, and mitigate technology risks, ensuring adherence to the Technology, Security and Data Risk Policy.
• Provide oversight of Technology Incidents and Issues and partner with 1LOD to enhance related processes and oversight.
• Refine and scale the 2LOD Technology and Operational Resilience program, including practical templates for 1LOD teams to assess and manage resilience and continuity capabilities.
• Provide risk oversight of Technology Architecture & Asset Management and Technology Delivery domains.
• Lead the Technology Risk and Control Self-Assessment (RCSA) process from a 2LOD perspective, ensuring adherence to the ERM RCSA methodology and effective challenge of 1LOD risks and controls.
• Support the definition, monitoring, and reporting of Technology KRIs.
• Support the implementation and enhancement of Governance, Risk and Compliance (GRC) systems to enable effective risk oversight.
• Advocate and support the implementation of risk management frameworks for technology stakeholders as a trusted advisor to the first line.
• Stay current on emerging trends and regulations in the digital asset space and address new risk considerations.

• Fluent in Mandarin Chinese with the ability to communicate technical concepts clearly in written and verbal form.
• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• Minimum 5 to 8 years of experience in Technology Risk, Operational Resilience or BCM; fintech, crypto, blockchain, and/or cloud-native experience is preferred.
• Proven track record in project and stakeholder management, independently conducting risk-control assessments, control testing, incident/issue management, and remediation.
• Strong understanding of Technology Resilience, Technology Delivery (SDLC and CI/CD), Business Continuity Management and Disaster Recovery.
• Knowledge of best practices and frameworks for technology risk and BCM (e.g., NIST, ISO 22301, ISO 27001).
• Experience with Governance, Risk, and Compliance (GRC) systems in a global environment.
• Excellent communication and presentation skills, with the ability to tailor reports for diverse audiences.
• Ability to collaborate across all levels of a global organization in a dynamic, fast-paced environment.
• Relevant certifications (CISA, CISM, CISSP, CBCP, ISO 22301 Lead Implementer) are a strong plus.

OKX is an equal employment opportunity employer. Information collected as part of the recruitment process is subject to OKX's Candidate Privacy Notice.

LI-CZ1 LI-ONSITE