100x is the result of the phenomenal success of BitMEX, the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today.
As the world's most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD per day.
Join us, as we build a thriving cryptocurrency ecosystem of 100x Group companies, through strategic investments in emerging cryptocurrency technology, and create the future of digital financial services.
This is a critical role supporting the Security Assurance team, part of the overall Security organization and is focused on Security Compliance. In this role, you will play a critical role in ensuring compliance with 100x Security Policy, Standards and Security Common Controls Framework. You will collaborate with stakeholders in the successful execution of ISO 27001 certification, SOC2 Audits and other security initiatives. The position will also help build automated controls monitoring of security controls and explain them to internal and external stakeholders. The Security Assurance Strategist will be someone that has a passion for implementing innovative security controls that mitigate risk to the company, empower 100x’s culture of rapid innovation, and help demonstrate our dedication to security to the world. This role requires a mix of broad, business and technical acumen, the ability to inspire and influence decisions pertaining to regulatory standards, and a polished ability to communicate with key internal stakeholders.
- Maintain Common Control Framework (CCF) and Controls List.
- Perform ongoing security controls self assessment to support ISO, SOC2, DABA etc. initiatives.
- Liaison with the control owners for controls design and implementation.
- Perform controls testing for Security Risk Assessment Process as needed.
- Assist in automating continuous monitoring of security controls.
- Assist in implementation and maintenance of security GRC/IRM tool.
- Provide KPI’s and KRIs for security compliance.
- Leads the planning, execution, and reporting of security Controls Self Assessment (CSA) at 100x.
- Ensures accurate identification, communication, and mitigation of risks, processes, and internal control gaps with potential adverse operational, financial, strategic and compliance risk implications.
- Engages with business and control owners, internal & external auditors, as well as 100x leadership on new and ongoing compliance initiatives and business transformation projects.
- Facilitates the execution of external audits over 100x’s products and internal controls in accordance with, but not limited to: SOC 2, ISO 27001 etc.
- Leads audit walkthroughs and drives the process of audit evidence collection and review for internal and external audit engagements.
- Assists in the design of automation to enable scalability of the compliance programs
- Assists in GRC tool implementation and day to day management.
- Own the follow up process on management action plans to ensure appropriate and timely mitigation of identified controls failure.
- Assists with coaching and development of junior members of the team.
Skills, Traits & Competencies:
- 5+ years of security experience in relevant security domains (e.g. compliance, security risk management, security audit).
- Prior experience of working in Security and Privacy compliance engineering or similar groups at a tech or fintech.
- Expertise working on major compliance programs in a complex technical environment supporting at a minimum SOC 2, GDPR, and ISO 270001/2 frameworks.
- Strong communication skills, in particular around objectively measuring risk and compliance.
- Strong technical background working on complex engineering, security and operations projects and initiatives.
- Expertise managing and coordinating work for external audits and consultants.
- Relevant certifications like CISSP, CISA, AWS CCP are preferred