Lead Security Management Engineer

Bybit · Jakarta, Indonesia
Full-time · On-site · 3w ago
Compliance · Incident Response · Information Security · Penetration Testing · Risk Management · Web3

About the role

Established in 2018, Bybit is one of the world's leading cryptocurrency exchanges and digital financial platforms, serving over 80 million users across more than 200 countries and regions. Powered by world-class technology and a user-first mindset, Bybit delivers a seamless ecosystem across trading, payments, wealth management, custody, institutional services, and Web3 - connecting users to the future of digital finance.

Our core values define how we build. We listen, care and improve to create products and experiences that put users first. Backed by a global team of ambitious builders, problem-solvers, and innovators, we foster a high-performance and fast-moving environment where talent is empowered to drive real impact at the global scale. Supported by 24/7 multilingual customer service and a strong commitment to innovation, we are shaping the future of finance through technology, collaboration, and bold execution.

Today, Bybit is recognized as one of the most trusted and transparent platforms in the digital asset industry, continuing to expand its global presence while building the infrastructure for the next generation of financial services.

Job responsibilities

Regulatory cooperation and audit reception

- Receive and cooperate with on-site inspections and remote reviews by regulatory agencies (OJK, Bappebti, Kominfo, etc.)
- During the regulatory scrutiny process, explain the current status, technical architecture, and control measures of the company's information security management system to inspectors
- Prepare technical documents and evidence materials required for audits (such as system architecture diagrams, access control instructions, data flow diagrams, etc.)
- Track regulatory inquiries and rectification requirements, and coordinate the internal team to complete the closed loop on time
- Pay attention to local regulatory policy dynamics and provide timely feedback to the headquarters security compliance team
- Manage server root accounts on demand to ensure root account security

Construction and maintenance of compliance system

- Maintain the local compliance system and ensure alignment with the headquarters ISMS framework
- Perform compliance gap analysis to identify nonconformities and drive corrections
- Maintain the compliance document library (systems, processes, records, evidence) to ensure audit readiness
- Assist with local compliance certification or license application (if applicable)

Security management

- Perform compliance site related information security threat and risk assessments and maintain risk registers
- Monitor the implementation of compliance station access control policies and regularly review permission assignments
- Coordinate compliance station security incident response and ensure incidents are escalated as required (if applicable)
- Promote compliance site security awareness training and ensure local employees understand compliance requirements and security specifications
- Participate in compliance station supplier security evaluation and third-party risk management

Audit support

- Cooperate with internal and external audits (ISO 27001, SOC2, etc.) and prepare evidence materials
- Track the progress of rectification of audit findings to ensure timely closure
- Coordinate the execution and reporting of security evaluation activities such as penetration testing and vulnerability scanning

Job requirements

- 4-5 years of experience in information security, compliance, or a related field
- Experience in regulatory reception or audit support (experience with OJK, Bappebti or Kominfo preferred)
- Familiar with information security frameworks (ISO 27001, SOC2, NIST or equivalent standards)
- Experience with gap analysis, threat and risk assessment and compliance document management
- Understand access control principles, incident response processes, and security awareness training systems
- Fluent in Chinese and English listening and speaking, with strong written expression ability; those who can speak Indonesian are preferred
- Possess XFN coordination skills and be able to communicate effectively with technical and non-technical teams
- Careful and rigorous, with strong document management and organizational skills

Priority conditions

- Have a background in the financial technology, cryptocurrency, or financial services industry
- Hold relevant certifications: CISA, CISSP, ISO 27001 Chief Auditor/Chief Implementer or equivalent qualifications
- Experience working with multinational companies and headquarters compliance teams

Why Join Us

At Bybit, we are committed to fostering a supportive and enriching work environment. Our benefits include:

- Study Growth Fund: We support your professional development and continuous learning.
- Internal Events: Participate in regular team-building activities, workshops, and events designed to promote collaboration and innovation.
- Global Collaboration: Be part of a diverse, international team, working alongside colleagues from around the world.
- Career Advancement: Access opportunities

Benefits

- Paid time off
- Remote work options
