ERM Director

Abu Dhabi, UAE; Kuala Lumpur, Malaysia

About Us
Established in March 2018, Bybit is one of the fastest growing cryptocurrency derivatives exchanges, with more than 70 million registered users. We offer a professional platform where crypto traders can find an ultra-fast matching engine, excellent customer service and multilingual community support. We provide innovative online spot and derivatives trading services, mining and staking products, as well as API support, to retail and institutional clients around the world, and strive to be the most reliable exchange for the emerging digital asset class.

Our core values define us. We listen, care, and improve to create a faster, fairer, and more humane trading environment for our users. Our innovative, highly advanced, user-friendly platform has been designed from the ground up using best-in-class infrastructure to provide our users with the industry's safest, fastest, fairest, and most transparent trading experience. Built on customer-centric values, we endeavour to provide professional, 24/7 multi-language customer support in a timely manner.

As of today, Bybit is one of the most trusted, reliable, and transparent cryptocurrency derivatives platforms in the space.

We are seeking a highly experienced and capable Enterprise Risk Management (ERM) Lead to establish and lead the second-line enterprise risk function for Bybit. This role is responsible for designing and maintaining the ERM framework, providing independent second-line oversight across financial and non-financial risks, and ensuring alignment with global regulatory expectations applicable to cryptocurrency exchanges.
The role will focus on strengthening risk governance, risk appetite articulation, risk identification and monitoring, and regulatory-facing risk capabilities.
This position serves as a key interface with regulators and group-level risk teams and plays a critical role in supporting Bybit’s sustainable growth and regulatory readiness.
This position reports to the Global Head of Internal Audit and Enterprise Risk.

Responsibilities

ERM Framework & Governance

  • Lead the establishment and ongoing enhancement of the group-wide ERM framework, acting as the second-line owner of ERM.
  • Design and enhance risk governance structures, policies, and standards in alignment with COSO ERM, ISO 31000, and relevant regulatory requirements.
  • Develop and maintain risk taxonomy, risk classification standards, and risk appetite statements to ensure consistency across regions and business units.

Enterprise Risk Identification & Monitoring

  • Coordinate the identification and assessment of enterprise-wide risks across regions and BUs, covering both financial and non-financial risk domains.
  • Work collaboratively with first-line and second-line functions (e.g. Finance, Security, Legal and Compliance, and group-level risk teams) to ensure appropriate and sufficient risk mitigation and monitoring measures are in place.
  • Ensure risk identification, assessment, and monitoring approaches are consistent, proportionate, and aligned with Bybit’s approved risk appetite, strategic objectives, and regulatory expectations.
  • Maintain the enterprise Risk Register and associated risk and control logs, covering all material financial and non-financial risks across the business.

Risk Advisory, Monitoring & Reporting

  • Act as a central risk advisory function on specific risk topics (e.g. third-party and outsourcing risks, liquidity risk, operational and technology risks), working collaboratively with relevant teams to support effective risk mitigation and monitoring.
  • Design and coordinate Risk and Control Self-Assessments (RCSAs) to assess the adequacy of key controls and to identify emerging risk trends across the business.
  • Develop and maintain Key Risk Indicators (KRIs) to enable ongoing monitoring of material risks and early identification of risk deterioration.
  • Maintain enterprise-level risk dashboards, heatmaps, and reporting, providing clear visibility of risk trends, incidents, and control effectiveness to senior management and the board.
  • Ensure risk incidents, material risk events, and remediation actions are appropriately captured, analyzed, and reflected in enterprise risk reporting.

Business Continuity Management (BCM)

  • Support the development and periodic review of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
  • Participate in business impact analyses and risk scenario planning, and ensure resilience measures are well-documented and effective.

Group & Regulatory Coordination

  • Act as the primary liaison with group-level risk and compliance teams, ensuring local ERM implementation aligns with broader group strategy and expectations.
  • Implement group-wide risk policies, standards, and procedures, tailoring them to local regulatory and operational contexts.
  • Coordinate and support group risk reporting requirements, contributing to consolidated dashboards, reviews, regulatory engagements, and audits.

Requirements

Qualifications & Experience

  • Bachelor’s degree in Risk Management, Finance, Accounting, Business, Engineering, or a related discipline.
  • 12–15+ years of experience in enterprise risk management, second-line risk, or regulatory risk roles within a cryptocurrency exchange, financial institution, regulator or fintech.
  • Proven experience designing, implementing, and operating ERM frameworks in multi-jurisdictional and regulated environments.
  • Demonstrated experience engaging with regulators and senior management on enterprise risk matters.
  • Candidates with less extensive experience may be considered for a Senior Manager role, subject to demonstrated depth in ERM expertise, regulatory engagement capability, and overall role fit. Appointment at Director level will be reserved for candidates with proven ability to lead ERM frameworks, engage regulators independently, and operate at a strategic level.

Technical Expertise

  • Strong knowledge of ERM frameworks, including COSO ERM and ISO 31000.
  • Solid understanding of financial and non-financial risks, including financial and treasury, market integrity and trading, operational, technology, cybersecurity, and third-party risks.
  • Experience in risk appetite implementation, KRI design, scenario analysis, and stress testing.
  • Familiarity with crypto exchange operating models, technology infrastructure, and regulatory expectations is highly desirable.

Leadership & Soft Skills

  • Strong stakeholder management and influencing skills, with the ability to provide effective second-line challenge.
  • Excellent analytical, structuring, and documentation skills.
  • Clear and confident communicator, capable of engaging senior leadership, boards, and regulators.

Certifications

  • Professional certifications such as FRM, PRM, CRM or equivalent ERM-related certifications are strongly preferred.

Other Requirements

  • Ability to operate effectively in a fast-paced, evolving regulatory environment.
  • Experience working across regions and cultures.
  • Proficiency in English and Chinese.
  • Location: Hong Kong / Malaysia / Abu Dhabi

 

Why Join Us
At Bybit, we are committed to fostering a supportive and enriching work environment. 
Our benefits include:
- Study Growth Fund: We support your professional development and continuous learning.
- Internal Events: Participate in regular team-building activities, workshops, and events designed to promote collaboration and innovation.
- Global Collaboration: Be part of a diverse, international team, working alongside colleagues from around the world.
- Career Advancement: Access opportunities for growth and advancement within a rapidly expanding global company.
- Internal Mobility: Grow with us. Your long-term development is important to us. We offer internal job opportunities to help build your career path.
