Risk & Internal Audit Manager

About UsEstablished in March 2018, Bybit is one of the fastest growing cryptocurrency derivatives exchanges, with more than 70 million registered users. We offer a professional platform where crypto traders can find an ultra-fast matching engine, excellent customer service and multilingual community support. We provide innovative online spot and derivatives trading services, mining and staking products, as well as API support, to retail and institutional clients around the world, and strive to be the most reliable exchange for the emerging digital asset class.Our core values define us. We listen, care, and improve to create a faster, fairer, and more humane trading environment for our users. Our innovative, highly advanced, user-friendly platform has been designed from the ground-up using best-in-class infrastructure to provide our users with the industry's safest, fastest, fairest, and most transparent trading experience. Built on customer-centric values, we endeavour to provide a professional, 24/7 multi-language customer support to help in a timely manner.As of today, Bybit is one of the most trusted, reliable, and transparent cryptocurrency derivatives platforms in the space.Role Overview We are seeking a strategic, analytical, and detail-oriented Risk & Internal Audit Manager to lead the company’s risk governance, internal audit, and cybersecurity oversight functions. The ideal candidate will develop and maintain risk management policies, conduct risk-based internal audits, and oversee incident response and cybersecurity preparedness.Key Responsibilities Risk Management & GovernanceIdentify, assess, and continuously monitor operational, strategic, financial, cyber, and compliance risks across departments.Develop and implement risk management policies, procedures, and methodologies to assess likelihood and impact.Maintain and update the centralized risk register, track risk owners, mitigation strategies, and timelines.Design, implement, and oversee internal controls to ensure effective mitigation and process efficiency.Monitor Key Risk Indicators (KRIs) and provide early warnings for emerging threats, especially within the crypto market.Ensure business continuity and resilience through robust disaster recovery and risk mitigation planning.Collaborate with Finance, Compliance, Product, Technology, Legal, and HR to embed risk thinking into day-to-day operations.Stay up-to-date with regulations, including POJK/SEOJK on digital assets, crypto taxation policies, and AML/CFT rules.Internal AuditCreate and execute a risk-based internal audit plan to assess high-priority areas including cybersecurity, transaction monitoring, customer data protection, and finance.Perform walkthroughs, internal control testing, and root-cause analysis on incidents or audit findings.Deliver clear, actionable audit reports with priority-based recommendations to management and the Board.Support external audits and regulatory reviews (OJK, PPATK, DJP), ensuring audit readiness and documentation.Cybersecurity & Incident ResponseCoordinate or lead incident response investigations involving fraud, system disruptions, and potential compliance breaches.Ensure preventive measures are in place through independent cybersecurity audits, business continuity testing, and regular training.Evaluate long-term cybersecurity investments and assist in tech risk assessments.Consumer Protection & ComplianceEnsure policies and systems align with data protection laws, consumer complaint handling standards, and product transparency obligations.Verify that KYC/CDD/EDD processes are effective and integrated with suspicious transaction monitoring systems.Promote a culture of accountability through whistleblowing mechanisms and internal ethics frameworks.Requirement :Bachelor’s degree in Accounting, Finance, Law, IT, or related field.Professional certification (CIA, CRMA, CISA, CISM, or equivalent) is a plus.Professional risk certification is required: CRMP, ICBRR, or BSMRMinimum 5–7 years of relevant experience in risk management, internal audit and governance.In-depth understanding of risk frameworks (COSO, ISO 27001), internal control systems, and audit practices.Experience in incident response management is an advantage.Familiarity with the Indonesian regulatory landscape: OJK, PPATK, Bank Indonesia, and DJP, especially concerning AML-CFT and digital asset taxation.Strong analytical, communication, and reporting skills.Ability to work independently and collaboratively with cross-functional teams.Fluency in English is a must, Mandarin is a plus.Why Join UsAt Bybit, we are committed to fostering a supportive and enriching work environment.Our benefits include:Study Growth Fund: We support your professional development and continuous learning.Internal Events: Participate in regular team-building activities, workshops, and events designed to promote collaboration and innovation.Global Collaboration: Be part of a diverse, international team, working alongside colleagues from around the world.Career Advancement: Access opportunities for growth and advancement within a rapidly expanding global company.Internal Mobility: Grow with us - Your long-term development is important to us. We offer internal job opportunities to help build your career path.