Security Compliance & Governance Engineer (Web3)

TL;DR

Security Compliance & Governance Engineer (Web3): Leading audit remediation and IT security governance for a global crypto exchange with an accent on AI-assisted compliance and regulatory alignment. Focus on building infrastructure-grade compliance capabilities, managing auditor relations, and operationalizing IT governance policies.

Location: Hong Kong or Singapore

Company

hirify.global is a leading crypto exchange and developer of the hirify.global Wallet, providing millions of users and institutions access to crypto trading and decentralized applications.

What you will do

• Lead audit remediation programs by assessing gaps and driving verified closure across engineering, product, legal, and operations.
• Conduct IT security and architecture governance reviews to ensure systems meet applicable standards and issue remediation timelines.
• Draft and operationalize IT governance policies, translating complex regulatory requirements into actionable guidance for technical teams.
• Serve as the primary coordination interface for external auditors and regulators.
• Prototype and scale AI-assisted workflows for evidence collection, control monitoring, and policy generation.
• Produce executive-level governance dashboards and briefs on risk exposure and regulatory posture.

Requirements

• Location: Must be based in Hong Kong or Singapore
• 8+ years of experience in IT audit, risk management, compliance, or security governance.
• 3+ years leading governance programs at a large-scale internet, financial services, or crypto firm.
• Deep working knowledge of ISO 27001, SOC 1/2, PCI-DSS, COBIT, NIST, and GDPR.
• Active daily use of AI tools to accelerate compliance and governance workflows.
• English: Executive-level written and verbal communication required
• Ability to read and interpret code, architecture diagrams, and technical design documents independently.

Nice to have

• Proficiency in Mandarin (written and verbal) for APAC stakeholder engagement.
• Professional certifications such as CISA, CISSP, CRISC, CISM, or CCISO.
• Experience with SOX ITGC, SEC Reg S-K, or equivalent listing-authority programs.
• Crypto-native compliance exposure, including Proof of Reserves and the Travel Rule.

Culture & Benefits

• Competitive total compensation package.
• Comprehensive healthcare schemes for employees and their dependents.
• L&D programs and education subsidies for professional growth.
• Wellness and meal allowances.
• Various team building programs and company events.