Lead Security Management Engineer
Bybit · Remote / APAC
About Us
Established in 2018, Bybit is one of the world’s leading cryptocurrency exchanges and digital financial platforms, serving over 80 million users across more than 200 countries and regions. Powered by world-class technology and a user-first mindset, Bybit delivers a seamless ecosystem across trading, payments, wealth management, custody, institutional services, and Web3 — connecting users to the future of digital finance.
Our core values define how we build. We listen, care and improve to create products and experiences that put users first. Backed by a global team of ambitious builders, problem-solvers, and innovators, we foster a high-performance and fast-moving environment where talent is empowered to drive real impact at the global scale. Supported by 24/7 multilingual customer service and a strong commitment to innovation, we are shaping the future of finance through technology, collaboration, and bold execution.
Today, Bybit is recognized as one of the most trusted and transparent platforms in the digital asset industry, continuing to expand its global presence while building the infrastructure for the next generation of financial services.
Job responsibilities Regulatory cooperation and audit reception
Cooperate with on-site inspections and remote reviews by reception regulatory agencies (OJK, Bappebti, Kominfo, etc.)
During the Regulatory Scrutiny process, explain the current status, technical architecture, and control measures of the company's information security management system to inspectors
Prepare technical documents and evidence materials required for audit (such as system architecture diagrams, access control instructions, data flow diagrams, etc.)
Track Regulatory Inquiry and Rectification Requirements, coordinate internal team to complete closed loop on time
Pay attention to local regulatory policy dynamics and provide timely feedback to the headquarters security compliance team
Manage server root accounts on demand to ensure root account security.
Construction and maintenance of compliance system
Maintain local compliance system and ensure alignment with headquarters ISMS framework
Perform compliance gap analysis to identify nonconformities and drive corrections
Maintain compliance document library (systems, processes, records, evidence) to ensure audit readiness
Assist with local compliance certification or license application (if applicable)
Security management
Perform compliance site related information security threat and risk assessments and maintain risk registers
Monitor the implementation of compliance station access control policies and regularly review permission assignments
Coordinate compliance station security incident response and ensure incidents are escalated as required (if applicable)
Promote compliance site security awareness training and ensure local employees understand compliance requirements and security specifications
Participate in compliance station supplier security evaluation and third-party risk management
Audit support
Cooperate with internal and external audits (ISO 27001, SOC2, etc.) and prepare evidence materials
Track the progress of rectification found in audits to ensure timely closure
Coordinate the execution and reporting of security evaluation activities such as penetration testing and vulnerability scanning
Job requirements
4-5 years of experience in information security, compliance, or a related field
Experience in regulatory reception or audit support (experience in OJK, Bappebti or Kominfo preferred)
Familiar with information security frameworks (ISO 27001, SOC2, NIST or equivalent standards)
Experience with gap analysis, threat and risk assessment and compliance document management
Understand access control principles, incident response processes, and security awareness training systems
Fluent in Chinese and English listening and speaking, strong written expression ability; those who can speak Indonesian are preferred
Possess XFN coordination skills and be able to communicate effectively with technical and non-technical teams
Careful and rigorous, strong document management and organizational skills
Priority conditions
Have a background in financial technology, cryptocurrency, or Financial Services industry
Hold relevant certifications: CISA, CISSP, ISO 27001 Chief Auditor/Chief Implementer or equivalent qualifications
Experience working with multinational companies and headquarters compliance teams
Why Join UsAt Bybit, we are committed to fostering a supportive and enriching work environment. Our benefits include:- Study Growth Fund: We support your professional development and continuous learning.- Internal Events: Participate in regular team-building activities, workshops, and events designed to promote collaboration and innovation.- Global Collaboration: Be part of a diverse, international team, working alongside colleagues from around the world.- Career Advancement: Access opportunities for growth and advancement within a rapidly expanding global company.- Internal Mobility: Grow with us- Your long-term development is important to us. We offer internal job opportunities to help build your career path.