Security Risk Lead

About BitMEX. BitMEX stands as a globally leading exchange for crypto derivatives, offering traders a professional‑grade trading platform. Since its inception in 2014, BitMEX has maintained an impeccable security record with “no coin lost, ever!”. Our platform caters to cryptocurrency derivatives traders by providing low latency, deep liquidity, and maximum availability. Currently, BitMEX offers more than 100 derivatives contracts, 16 pairs for spot trading, and an easy covert function between 30+ different cryptocurrencies. In 2015, BitMEX revolutionised the market by inventing the Perpetual Swap, which has since become the most widely traded crypto product. Demonstrating a commitment to transparency, since 2021, BitMEX has been among the first exchanges to regularly publish its on‑chain Proof of Reserves and Proof of Liabilities, ensuring that the funds available exceed the total client balances. For more information on BitMEX, company initiatives and our products, please visit the BitMEX Blog or and follow LinkedIn, Discord, Telegram. Role Overview This is a critical role to bootstrap BitMEX's Security Assurance practice, responsible for architecting our Security Policy and Risk Management frameworks with compliance‑as‑code as the foundational pillar of our strategy. The position is highly technical in nature and is expected to operationalise our security common controls framework. As the Security Risk Lead, you will also collaborate with stakeholders on the successful execution of SOC2 audits and other security initiatives. This role is for a highly experienced technical security engineer ready to expand beyond technical execution. We're seeking a candidate with a strong blend of technical and business acumen, proven experience influencing decisions on regulatory standards, and excellent communication skills. Key Responsibilities Translate regulatory and compliance requirements into code and actionable technical controls. Ensure accurate identification, communication, and mitigation of risks, processes, and internal control gaps with potential adverse operational risk implications. Operationalise the delivery of several security metrics. Deliver various threat modeling spot checks. Perform deep‑dived technical risk assessments. Provide security training and outreach to internal tech teams. Facilitate the execution of external audits over BitMEX's products and internal controls in accordance with, but not limited to, SOC2 and ISO27001. Qualifications 10+ years of security industry experience with a strong background in software development including at least 3 years of hands‑on experience. Demonstrated success in leading technical teams in a cloud‑first environment with deep knowledge of Amazon Web Services and general cloud infrastructure security. Expert on GRC processes to consistently automate and supervise information security controls, testing, and risks. Knowledge of network security architecture concepts, including topology, protocols, components, and principles. Hands‑on experience with Open Policy Agent, InSpec, or CloudFormation Guard. Demonstrated knowledge and expertise in written responses to regulators. Proficient in managing complex global infrastructure as code. Good to have Demonstrated experience researching, building, and implementing defensive security systems that are used against internal and external attack vectors. Comfortable operating across a wide variety of platforms and technologies. Relevant certifications like CISSP, CISA, AWS CCP, CIPP, or CIPT are preferred. Prior experience of working in security and privacy compliance engineering or similar groups at a tech or fintech firm. Why BitMEX? BitMEX offers a dynamic environment that blends intense work, a vibrant culture, and diversity. We actively recruit across time zones to meet growing demands and attract top global talent. We're seeking determined, responsible, and collaborative individuals to join us in building a leading cryptocurrency ecosystem. We value meticulousness, agility, and simplicity. As a 24/7 global exchange, we look for adaptable team players who can excel in a diverse, cross‑market environment. We provide flexible arrangements to our remote contract talents with: Work from home to help you find the perfect balance between work, family and personal life Paid holidays and leave so you won’t miss out on any important events Team building & off‑site events to bring our global team closer Advantage of our Beyond Border Remote Working policy, where you get to work away from your home country Option to choose to be paid in fiat or crypto currency, providing the flexibility to shape your financial freedom #J-18808-Ljbffr