Lead Security Management Engineer

Bybit · Remote / APAC

Sector: Fintech
Function: Product & Engineering
Level: Lead
Posted: 2026-05-25
Source: greenhouse
Remote: Yes

About Us

Established in March 2018, Bybit is one of the fastest growing cryptocurrency derivatives exchanges, with more than 70 million registered users. We offer a professional platform where crypto traders can find an ultra-fast matching engine, excellent customer service and multilingual community support. We provide innovative online spot and derivatives trading services, mining and staking products, as well as API support, to retail and institutional clients around the world, and strive to be the most reliable exchange for the emerging digital asset class. Our core values define us. We listen, care, and improve to create a faster, fairer, and more humane trading environment for our users. Our innovative, highly advanced, user-friendly platform has been designed from the ground up using best-in-class infrastructure to provide our users with the industry's safest, fastest, fairest, and most transparent trading experience. Built on customer-centric values, we endeavour to provide professional, 24/7 multi-language customer support in a timely manner. As of today, Bybit is one of the most trusted, reliable, and transparent cryptocurrency derivatives platforms in the space.

Job responsibilities

Regulatory cooperation and audit reception

Host and cooperate with on-site inspections and remote reviews by regulatory agencies (OJK, Bappebti, Kominfo, etc.)

During regulatory scrutiny, explain the current status, technical architecture, and control measures of the company's information security management system to inspectors

Prepare technical documents and evidence materials required for audit (such as system architecture diagrams, access control instructions, data flow diagrams, etc.)

Track regulatory inquiries and rectification requirements, and coordinate internal teams to close them out on time

Pay attention to local regulatory policy dynamics and provide timely feedback to the headquarters security compliance team

Manage server root accounts on demand to ensure root account security.

Construction and maintenance of compliance system

Maintain local compliance system and ensure alignment with headquarters ISMS framework

Perform compliance gap analysis to identify nonconformities and drive corrections

Maintain compliance document library (systems, processes, records, evidence) to ensure audit readiness

Assist with local compliance certification or license application (if applicable)

Security management

Perform information security threat and risk assessments related to the compliance site and maintain risk registers

Monitor the implementation of compliance station access control policies and regularly review permission assignments

Coordinate compliance station security incident response and ensure incidents are escalated as required (if applicable)

Promote compliance site security awareness training and ensure local employees understand compliance requirements and security specifications

Participate in compliance station supplier security evaluation and third-party risk management

Audit support

Cooperate with internal and external audits (ISO 27001, SOC2, etc.) and prepare evidence materials

Track the rectification of issues found in audits to ensure timely closure

Coordinate the execution and reporting of security evaluation activities such as penetration testing and vulnerability scanning

Job requirements

4-5 years of experience in information security, compliance, or a related field

Experience in regulatory reception or audit support (experience in OJK, Bappebti or Kominfo preferred)

Familiar with information security frameworks (ISO 27001, SOC2, NIST or equivalent standards)

Experience with gap analysis, threat and risk assessment and compliance document management

Understand access control principles, incident response processes, and security awareness training systems

Fluent in spoken Chinese and English, with strong writing skills; Indonesian speakers are preferred

Possess cross-functional (XFN) coordination skills and be able to communicate effectively with technical and non-technical teams

Careful and rigorous, strong document management and organizational skills

Priority conditions

Have a background in the financial technology, cryptocurrency, or financial services industry

Hold relevant certifications: CISA, CISSP, ISO 27001 Chief Auditor/Chief Implementer or equivalent qualifications

Experience working with multinational companies and headquarters compliance teams

Why Join Us

At Bybit, we are committed to fostering a supportive and enriching work environment. Our benefits include:

- Study Growth Fund: We support your professional development and continuous learning.
- Internal Events: Participate in regular team-building activities, workshops, and events designed to promote collaboration and innovation.
- Global Collaboration: Be part of a diverse, international team, working alongside colleagues from around the world.
- Career Advancement: Access opportunities for growth and advancement within a rapidly expanding global company.
- Internal Mobility: Grow with us. Your long-term development is important to us. We offer internal job opportunities to help build your career path.
