Technology Risk Lead
Framework Ventures
- New York, New York, United States
- New York, New York, United States
À propos
BitMEX is a leading crypto‑derivatives exchange founded in 2014 that provides a secure, low‑latency trading platform for a wide range of products.
Role Overview
As the Technology Risk Lead, you will bootstrap BitMEX’s Security Assurance practice by architecting our security policy and risk‑management frameworks with compliance‑as‑code as the foundation. You will operationalise our common controls framework, facilitate SOC 2 and ISO 27001 audits, and collaborate with stakeholders to execute security initiatives.
Key Responsibilities
Translate regulatory and compliance requirements into code and actionable technical controls. Identify, communicate and mitigate risks, processes and internal control gaps with potential adverse operational risk implications. Operationalise the delivery of multiple security metrics. Deliver threat‑modeling spot checks and conduct deep‑diving technical risk assessments. Provide security training and outreach to internal tech teams. Facilitate the execution of external audits over BitMEX’s products and internal controls in accordance with SOC 2, ISO 27001 and other frameworks.
Qualifications
10+ years of security industry experience with a strong background in software development. At least 3 years of hands‑on experience in a Cloud‑first environment. Deep knowledge of Amazon Web Services and general Cloud infrastructure security. Expertise in GRC processes to consistently automate and supervise information security controls, testing and risk. Knowledge of network security architecture concepts, including topology, protocols, components and principles. Hands‑on experience with Open Policy Agent, InSpec or CloudFormation Guard. Proven ability to write responses to regulators. Proficiency in managing complex global infrastructure as code.
Good to Have
Experience researching, building and implementing defensive security systems against internal and external attack vectors. Comfort operating across a wide variety of platforms and technologies. Relevant certifications such as CISSP, CISA, AWS CCP, CIPP or CIPT. Prior experience in Security and Privacy compliance engineering or similar groups at a tech or fintech firm.
Benefits
Work from home with flexible arrangements to balance work, family and personal life. Paid holidays and leave to ensure you can attend important events. Team‑building and off‑site events to bring our global team closer. Beyond‑Border Remote Working policy allowing work from locations outside your home country. Option to be paid in fiat or cryptocurrency, providing flexibility to shape your financial freedom.
#J-18808-Ljbffr
Compétences linguistiques
- English
Avis aux utilisateurs
Cette offre provient d’une plateforme partenaire de TieTalent. Cliquez sur « Postuler maintenant » pour soumettre votre candidature directement sur leur site.