• Assess and improve client security and IT controls • Develop policies, processes, and risk assessments aligned to top frameworks including NIST, ISO 27001, and SOC 2 • Document security requirements, support control implementation, and help track remediation progress • Build risk registers, support assessments, and monitor remediation progress • Work hands-on with GRC tools and contribute to solutions for complex client challenges • Translate technical and regulatory requirements into clear, actionable steps for clients • Participate in peer review of deliverables before going to clients.

• Lead assessments and audits of security and IT control environments • Design, implement, and mature cybersecurity and compliance programs • Develop risk registers, conduct risk assessments, and track remediation efforts • Create and refine policies, standards, and procedures aligned with top frameworks including SOC 2, ISO 27001, NIST CSF, HIPAA, HITRUST, CMMC, and others • Prepare clients for internal audits and external assessments • Translate technical, regulatory, and business requirements into clear, actionable deliverables for client stakeholders • Communicate findings, manage client feedback, and drive outcomes even when stakeholders push back • Mentor junior analysts and contribute to the growth of our GRC practice • Participate in peer review of deliverables before they go to clients.

Who We Are At OKX, we believe that the future will be reshaped by crypto, and ultimately contribute to every individual's freedom. OKX is a leading crypto exchange, and the developer of OKX Wallet, giving millions access to crypto trading and decentralized crypto applications (dApps). OKX is also a trusted brand by hundreds of large institutions seeking access to crypto markets. We are safe and reliable, backed by our Proof of Reserves. Across our multiple offices globally, we are united by our core principles: We Before Me, Do the Right Thing, and Get Things Done. These shared values drive our culture, shape our processes, and foster a friendly, rewarding, and diverse environment for every OK-er. OKX is part of OKG, a group that brings the value of Blockchain to users around the world, through our leading products OKX, OKX Wallet, OKLink and more. About the Team: The Compliance function at OKX is responsible for the overall compliance culture at the company. We’re a team of risk-minded problem solvers who advise the business on the company’s regulatory obligations and enterprise risk. What You'll Be Doing: The Compliance Manager serves as the critical link between the Issue Management lifecycle and the Firm’s Control Framework. This role is designed to ensure that remediation efforts are not just administrative exercises, but lead to the development of robust, sustainable controls. You will act as a "translator" between the Compliance teams who identify risks and the Product/Engineering teams who build the systems. Your primary objective is to ensure that every compliance issue results in a strengthened control environment, preventing recurrence through better organizational design and technical automation. You are responsible for ensuring the firm has a robust library of controls and that when things break, the resulting fix is built into the permanent infrastructure of the company. You bridge the gap between Compliance Monitoring (finding gaps) and Business Operations (building the business). Key Responsibilities: Remediation Design & Advisory: Partner with business units to move beyond "quick fixes." You will help stakeholders design long-term controls (automated or manual) that directly address the root causes identified during the issue management process. Control Mapping & Integration: Ensure every remediation action plan is mapped back to the Global Compliance Control Library. You will verify that new controls are properly documented, assigned owners, and integrated into the firm’s risk assessment tools. Root Cause Analysis (RCA): Lead deep-dive RCA sessions for complex or recurring issues. You will provide the analytical "bridge" that explains why a control failed and what specific engineering or process change is required to fix it. Organizational Alignment: Work closely with the Issue Management team to ensure that "Issue Closure" only happens once a control has been validated as effective, not just "implemented." Optimization: Manage the technical linkage between Issue Management tickets and the Governance, Risk, and Compliance (GRC) platform. You will ensure data flows seamlessly between "Issues" and "Controls." Control Validation Testing: Design the testing scripts used to validate that a newly developed control is working as intended before an issue is officially marked as remediated. Thematic Reporting: Identify trends across multiple issues to suggest "horizontal" control improvements that could benefit multiple departments simultaneously. Control Design & Consulting: Partnering with the business to build "Key Compliance Controls" (KCCs). You ensure that every control has a clear Objective (what are we stopping?), a Frequency (how often does it run?), and an Owner (who is responsible?). Control Library Maintenance: Managing the "Source of Truth" (often a GRC tool or master spreadsheet) that lists every compliance control across the firm. Design Effectiveness (DE) Assessment: Reviewing a control before it is even turned on to see if it is logically capable of stopping the risk. (e.g., "If this is a manual check, is the person actually qualified to spot the error?") Operating Effectiveness (OE) Testing: Performing "sample testing" to see if the control actually worked over a period of time. What We Look For in You AML Control Master: 7+ years of experience in Anti-Money Laundering (AML), Sanctions, or Financial Crime compliance, with a specific focus on Control Design and Mapping . You should have a proven ability to translate complex AML regulations (e.g., BSA/USA PATRIOT Act, 5AMLD) into functional technical requirements for engineering teams. Perks & Benefits Competitive total compensation package Hybrid role – 3 days a week in our downtown San Jose office Comprehensive healthcare schemes for employees and dependents Wellness programs, team events, and employee engagement initiatives L&D opportunities and professional development support More that we love to tell you along the process! #LI-JC4 #LI-HYBRID OKX Statement: OKX is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, and non-job related physical or mental disability, or protected veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. The salary range for this position is $107,000 - $200,000 (in CA) The salary offered depends on a variety of factors, including job-related knowledge, skills, experience, and market location. In addition to the salary, a performance bonus and long-term incentives may be provided as part of the compensation package, as well as a full range of medical, financial, and/or other benefits, dependent on the position offered. Notice: All official OKX vacancies are published on this website. While roles may appear on selected third-party platforms from time to time, information on other sites may be inaccurate or outdated. If in doubt, please apply directly through our official careers website. Information collected and processed as part of the recruitment process of any job application you choose to submit is subject to OKX 's Candidate Privacy Notice

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Health, Safety and Environmental (QHSE) Associate is responsible for reviewing and verifying the Safety and Health Programs, Procedures, and Training Pre-qualification requirements on behalf of AVETTA Operators and Contractor Members. The QHSE Associate has no supervisory responsibilities; ideal candidates have 3-5 years of safety audit experience. If residing within commutable distance to one of our offices, a hybrid schedule would be required (3 days in office, 2 days work from home). Those outside of commutable distance may be considered on a remote basis. Essential Duties and Responsibilities: - Conduct Manual Audits to assess a Contractor’s Safety and Health Programs, Procedures, and Training documentation required based on exposure hazards associated with services performed. - Ensure compliance with applicable legislation (Federal, State, Provincial, etc.) as well as any Client site requirements. - Assist customers with closing gaps or deficiencies as a result of the audit. - Provide guidance documents to assist the Contractor in developing their own policies/procedures to meet applicable requirements. - Perform customer verifications and Audit closure assistance. - Respond promptly to customer inquiries. - Record details of inquiries, comments and complaints within the Contractor Account Notes. - Forward customer complaints or concerns to the Audit Manager or other Designated Safety Professional in a timely manner. - MUST HAVE RELIABLE TRANSPORTATION; travel nationally up to 30% of the time. - Regular and predictive attendance. Non-Essential Duties and Responsibilities: - Performs other duties as assigned. - May be required to attend training, meetings, or seminars. Qualifications - Ability to interpret and make decisions based on regulatory (OSHA, EPA, MSHA, etc.), industry best practices, and/or Operator requirements. - An affinity for learning online software systems. - Working PC knowledge, Windows preferred and related applications. - Ability to multitask and manage priorities. - Adaptable to workload fluctuations and intensive deadlines. - Good written and oral communication skills. - Bi-lingual proficiency in both Spanish or French and English preferred. - Problem analysis and problem-solving skills. - Ability to read and interpret statistical data, information, and documents. - Attention to detail and accuracy. - Self-motivated and driven to succeed. - Ability to communicate and understand in a one-on-one or group situation. - Ability to interact with staff members and others encountered in the course of work. - Ability to learn and apply new information or skills. Requirements - Conceptual Knowledge of Federal and State Legislation (OSHA, MSHA, DOT, Maritime, Shipyard, etc.). - At least 3-5 years of relevant work experience in the safety profession OR Internship experience in a Safety, Health and/or Environmental role OR 3-5 years of Contractor Prequalification Verification experience. - 2-year or 4-year degree or Certification in Safety from an accredited college or university is a PLUS. - Experience with Environmental, O&G, MSHA, Maritime regulations is a PLUS. - Safety and Health Program development and/or revision is a PLUS. - Completion of OSHA 10hr or 30hr (Construction and/or General) is a PLUS. - Working knowledge of the relevant industries we serve. Benefits - Health, Dental, and Vision Insurance. - 401(K). - Paid Time Off. Company Description At Avetta, we are committed to salary transparency to ensure equitable hiring practices and promote trust. The salary range included in this job posting is based on internal and market data and the role's responsibilities. The final compensation offered to a candidate will be determined by several factors, including work location, job-related skills, experience, and relevant education or training. The salary range for this position is $46,500 - $62,500 USD per year. To apply for the QHSE Associate position, please submit your online application by March 15, 2026, at 11:59 PM PST.