Security Assurance Strategist

  • 100x Group
  • Singapore
  • May 17, 2021
Full time Security & Privacy

Job Description

The Company

100x is the result of the phenomenal success of BitMEX, the world’s leading cryptocurrency derivatives trading platform, which has pioneered cryptocurrency trading through relentless commitment to change, and continues to set benchmarks for innovation, liquidity, and security today.

As the world's most advanced peer-to-peer crypto-products trading platform and API, BitMEX gives knowledge, confidence, and precision to hundreds of thousands of traders, transacting billions of USD per day.

Join us, as we build a thriving cryptocurrency ecosystem of 100x Group companies, through strategic investments in emerging cryptocurrency technology, and create the future of digital financial services.

Purpose of This Job:

This is a critical role supporting the Security Assurance team, which is part of the overall Security organization, and it is focused on Third Party Risk Management and Security Awareness. In the third party risk management role, you will build relationships with security and business leaders to ensure the third party security review process properly addresses risks while enabling the business to succeed. In the security awareness role, you will build relationships with the global workforce by explaining information security concepts and promoting secure behaviors and habits.

The ideal candidate will have strong communication skills, a passion for learning and helping others, and will thrive on working cross-functionally and building trust across Security, Engineering and related teams. Experience within a security, privacy or risk management function would be great.

Deliverables: 

  • Maintain a security awareness program that meets compliance requirements and builds on our existing culture which engages people to practice secure behaviors regardless of where they are.
  • Update Security Awareness content and formalize the security awareness cadence globally.
  • Develop or source targeted Security training for critical groups (starting with Executive assistants, Finance, Customer Support) 
  • Create and deliver security best practices recommendations, tutorials, blog articles, presentations, adapting to different levels of business and technical staff.
  • Create a metrics framework that can effectively measure and communicate the impact of the program including program quality monitoring
  • Create a security ambassadors program, establishing key individuals in all organizations who can reiterate our security-first narrative.
  • Optimize the 3rd Party Risk Management Process and expand our security review process to include security hardening requirements:
    • Create systems that inventory all 3rd party vendor requests
    • Automate vendor risk tier calculation based on submitted information from the business
    • Monitor changes in data sharing scope
    • Improve vendor offboarding process including data deletion requests

Key Responsibilities:

This individual would manage the security awareness and third party risk management program, ensuring the following:

  • Execute on our Security Assurance roadmap.
  • Support security awareness training efforts, including developing or sourcing training content and ensuring training of employees and contractors
  • Execute phishing campaigns
  • Develop, plan, coordinate and deliver engaging security awareness sessions at a global scale on a regular basis throughout the year
  • Work with multiple company stakeholders to develop “Security Champions”
  • Define metrics to track security awareness program progress and maturity
  • Create a security awareness mini-program that is engaging and impactful to an external audience
  • Ensure all vendors (software, plug-ins, professional services, etc) are successfully vetted by the Security review process
  • Continually support organizational alignment to maintain third party risk management program related standards and procedures to drive consistent, repeatable assessment activities
  • Perform vendor security assessments for IT Risk with focus on Access Management, Change Management, Data Security, Networking protocols, and compliance requirements 
  • Monitor third party risk on an on-going basis and review risks/issues through remediation

Skills, Traits & Competencies:

  • 5+ years of security experience in relevant security domains (e.g. compliance, security risk management, TPM)
  • Prior experience working in Security and Privacy compliance engineering or similar groups at a tech or fintech company.
  • Expertise working on major compliance programs in a complex technical environment supporting at a minimum SOC 2, GDPR, and ISO 27001/2 Series frameworks.
  • Strong communication skills, in particular around objectively measuring risk.
  • Strong technical background working on complex engineering, security and operations projects and initiatives. 
  • A natural teacher, good at putting points across engagingly and enthusiastically and inspiring people to take an interest in information security
  • Ability to communicate and market technical messages in a simple, clear, and engaging manner. Experience creating innovative content and working with different types of communications methods, to include newsletters, videos, printed materials, and hosted events.
  • Excellent organizational, project management, and relationship management skills, all of which will be key to success in this role.
  • Understanding of learning theory or instructional design and concepts of organizational behavior, culture, and how culture impacts how people behave, learn, and interact with others.
  • High sense of ownership, urgency, and drive.