- Develop and maintain an assurance roadmap, ensuring comprehensive coverage of IT and security domains.
- Conduct assurance reviews to assess the effectiveness of IT/security controls against internal standards, industry best practice and regulatory requirements.
- Continuously monitor and evaluate the company's security compliance status, proposing improvements.
- Identify areas for improvement and work with relevant stakeholders to implement remediation plans.
- Analyze and assess security and compliance gaps identified by internal and external audits.
- Create and maintain solutions that uphold continuous compliance with industry security standards and regulations (ISO 27001, SOC 1/2, NIST, CIS benchmarks, SOX, etc.).
- Support tech governance and compliance initiatives, including those related to IPO readiness if applicable.
- Track remediation progress and regularly report to management on governance work effectiveness.
- Develop and refine IT governance-related policies and procedures (P&P), providing implementation guidance.
- Stay up to date on industry trends and best practices to drive continuous improvement of security compliance capabilities.
- At least 8 years of relevant work experience, including IT audit, risk management, compliance, and security governance within large internet enterprises, blockchain companies, fintech firms, or auditing firms.
- In-depth understanding of various IT security frameworks and audit standards, such as ISO 27001, COBIT, SOC 2, SOC 1, NIST, and SOX.
- Familiarity with relevant regulatory requirements, industry best practices, and data protection regulations (e.g., GDPR).
- One or more certifications, such as CISA, CISSP, CRISC, CISM, or equivalent qualifications, are highly desirable.
- Knowledge of cybersecurity, cloud security, IT infrastructure, and related IT operational processes (change management, incident response, etc.).
- Experience leading cross-functional initiatives with operational and technical teams.
- Proficiency in speaking, reading, and writing in both English and Mandarin to collaborate effectively with global and cross-functional team members.
- Familiarity with the risks and compliance challenges posed by emerging technologies (such as AI and blockchain) would be a plus.
- Experience with IPO readiness and related compliance requirements would be a plus.