redotpay
Security Compliance Engineer
Job type: Full-time
Job description
Department: Security Department
Responsibilities
- Global License Application & Security Compliance Support
  - Deeply participate in the company's virtual asset license applications in core global regions (e.g., MiCA in the EU, VARA in Dubai), taking full charge of and leading the security and technical compliance sectors.
  - Responsible for delivering technical compliance assessment reports (covering IT system security, data protection, and risk control) and business compliance solutions required for license applications and regulatory engagement.
- Daily Compliance Management
  - Manage daily compliance operations related to data security, privacy protection, and payment compliance (e.g., PCI DSS, Hong Kong PDPO, GDPR).
  - Establish and optimize the security compliance management system. Refine privacy policies, user agreements, and internal data security guidelines to ensure compliance frameworks align with actual business operations.
- Regulatory Tracking & Risk Assessment
  - Track global laws, regulations, and regulatory dynamics related to Web3, virtual asset regulation, payments, and data protection. Regularly assess compliance risks faced by the company's business and propose corresponding mitigation and improvement measures.
  - Organize internal risk assessments and security compliance audits, cooperate with external regulatory inspections and information disclosures, and ensure the company's compliance status is transparent and controllable.
- Compliance Implementation & Incident Response
  - Accurately interpret regulatory requirements and translate them into executable technical standards. Drive tech and product teams to implement specific security measures such as Privacy by Design, data classification/grading, data masking, and access control.
  - Act as the Data Protection Officer (DPO) point of contact, appropriately handling user data-related complaints, inquiries, and security incident responses.
Requirements
- Experience & Background
  - Bachelor's degree or above in Information Security, Computer Science, or a related field.
  - Fluent in spoken and written English.
  - 5 years of experience in security compliance within the Internet, Payment, or Web3 industries. (Note: Exceptional, high-potential candidates with a strong learning aptitude are also highly encouraged to apply).
- Regulatory & Industry Knowledge
  - Familiar with privacy regulations such as GDPR and Hong Kong PDPO, as well as the PCI DSS payment standard.
  - Understanding of the global regulatory framework for Web3/virtual assets (e.g., MiCA, VARA, US-related regulations). Hands-on experience participating in overseas license applications is a strong plus.
- Professional & Collaboration Skills
  - Proven experience in building and implementing compliance frameworks. Ability to independently complete technical compliance reports and prepare license application materials.
  - Ability to use English as a working language (required for handling English compliance and regulatory documents).
  - Exceptional cross-team communication and driving skills, capable of seamlessly bridging regulatory requirements with technical implementation.
- Preferred Qualifications (Bonus Points)
  - Holding professional security or privacy compliance certifications such as CIPP/E, ISO27701, CISSP, or CISA.


