We are operating at the fast-moving frontier of the crypto ecosystem, where trust, speed, and ironclad security are paramount to our success. We aren't looking for a passive bureaucrat or a traditional checklist-checker. We need a sharp, highly autonomous Senior Engineer, GRC who genuinely loves the details, anticipates gaps before dashboards turn red, and possesses the human judgment to steer modern, tech-forward security frameworks. If you thrive in high-stakes environments and know how to balance real risk mitigation against empty paperwork, you’ll fit right in.
What you'll be doing:
Compliance lifecycle: Maintain ISO 27001 certification, prepare for SOC 2 Type 1 and 2, manage auditor relationships, and own evidence collection in Vanta. You know what's slipping before the dashboard turns red, and can forecast certification timelines confidently.
Vulnerability management (as a program): Own the SLA layer — weekly dashboard, breach escalation, exception tracking, and monthly leadership view. Engineers fix the bugs; you ensure they fix them on time.
Policy lifecycle: Annual reviews, new policies as scope expands, training rollout, attestation tracking, and exception requests. Reviews run through an adversarial AI pipeline today; you'll own the cadence and the human judgment inside it.
People-ops security controls: Onboarding/offboarding evidence, access reviews, security awareness training, background-check tracking, and permission groups. Partner with HR on the workflow; own the auditable artifact.
Vendor risk: Vendor inventory, pre-procurement assessments, and annual reassessments.
Risk program: Maintain the risk register and run quarterly reviews.
Data protection: DLP policy and tuning, data-classification programs, and PDPA partnership with Legal.
Business continuity: Own the BCP/DR program — documentation, drills, and post-exercise improvements.
What we're looking for:
3–5 years in security or GRC program management, ideally at a fintech that grew through early stages.
Hands-on experience running ISO 27001 and SOC 2 audits end-to-end, including auditor management.
Deep fluency in Vanta (or Drata, with willingness to switch). You know where the platform helps and where you have to compensate manually.
Confident representing the security program to security teams — both technically and as a trust signal.
Strong written and verbal communication.
Sound judgment on when a control gap is real risk vs. paperwork, and the ability to escalate to the right audience quickly.
Strong interest in Cryptocurrency, Blockchain, Fintech, or Finance/Trading — you follow the space, understand why it's a uniquely hostile threat environment, and want to defend it.
Proficient English communication skills.
What’s in it for you:
MacBook or high-end laptop for work.
Full coverage of social insurance.
Premium health care for you and your family members.
Full 100% salary during probationary period.
A professional, friendly, well-equipped workspace shared with both foreign and Vietnamese colleagues.
Extensive on-the-job training; you will always have chances to work with new and emerging technologies.
Friendly and fun start-up work culture.
Find out more about Coinhako here https://www.coinhako.com/ and don't forget to visit our Careers Page https://www.coinhako.com/join-us
By submitting your application to us, you consent to the collection, use, disclosure and processing of your personal data in accordance with our privacy policy, which is accessible at https://www.coinhako.com/legal/sg-1/privacy_policy.
Senior Security Engineer, Governance Risk and Compliance at Coinhako: FAQ
Where is the Senior Security Engineer, Governance Risk and Compliance role at Coinhako based?
The Senior Security Engineer, Governance Risk and Compliance role at Coinhako is based in Ho Chi Minh, Vietnam. Check the job description for any remote or hybrid options.
What skills are required for the Senior Security Engineer, Governance Risk and Compliance role at Coinhako?
This Senior Security Engineer, Governance Risk and Compliance role is associated with the following skills and technologies:
- Full Time
- Developer
- Compliance
- Senior
- Security
Read the full job description above for the complete list of requirements.
Is the Senior Security Engineer, Governance Risk and Compliance role at Coinhako full-time or contract?
Coinhako is hiring for this Senior Security Engineer, Governance Risk and Compliance role as a full-time position.
How do I apply for the Senior Security Engineer, Governance Risk and Compliance role at Coinhako?
You can apply for the Senior Security Engineer, Governance Risk and Compliance role at Coinhako directly on this page using the Apply button. Ho Chi Minh, Vietnam candidates are welcome. Applications submitted through CryptoJobsList reach the employer directly.