About Bullish
Bullish is an institutionally focused global digital asset platform that provides market infrastructure and information services. These include:
Bullish Exchange – a regulated and institutionally focused digital assets spot and derivatives exchange, integrating a high-performance central limit order book matching engine with automated market making to provide deep and predictable liquidity. Bullish Exchange is regulated in Germany, Hong Kong, and Gibraltar.
CoinDesk Indices – a collection of tradable proprietary and single-asset benchmarks and indices that track the performance of digital assets for global institutions in the digital assets and traditional finance industries.
CoinDesk Data - a broad suite of digital assets market data and analytics, providing real-time insights into prices, trends, and market dynamics.
CoinDesk Insights – a digital asset media and events provider and operator of Coindesk.com, a digital media platform that covers news and insights about digital assets, the underlying markets, policy, and blockchain technology.
Reports To
Head of Internal Audit
The Team / The Role
Bullish’s Internal Audit team in Hong Kong provides independent assurance across the business, covering financial, operational, and technology control environments. As a fast-growing, globally regulated digital asset exchange, Bullish relies on robust technology and IT controls to underpin its platforms, data infrastructure, and
regulatory compliance frameworks. The Senior Associate, Internal Audit will be a specialist contributor within the Hong Kong team, reporting to the Head of Internal Audit, with primary responsibility for Technology & IT audit work. This is an excellent opportunity for a technology audit professional looking to deepen their expertise in a dynamic digital asset environment.
Role & Responsibilities
Internal Audit
- Plan and execute Technology and IT audit engagements covering IT general controls (access management, change management, IT operations, and SDLC), application controls, and cybersecurity.
- Conduct risk-based assessments of Bullish’s technology infrastructure, cloud environments, trading platforms, and data management processes.
- Document audit scope, test procedures, findings, and recommendations clearly in workpapers in accordance with Internal Audit methodology.
- Identify IT control deficiencies, assess risk impact, and engage with technology stakeholders to agree practical remediation plans.
- Support integrated audits by providing technology-focused assurance alongside financial and operational audit colleagues.
- Maintain current knowledge of technology risk and cybersecurity frameworks (e.g., ITIL, COBIT, NIST, ISO 27001) and their application in a digital asset context.
- Assist the Head of Internal Audit in annual risk assessment, audit planning, and reporting to senior management and the Audit Committee.
- Liaise with the business to ensure issues are timely and practically remediated
- Partner with the business to identify areas for improvement and optimization
SOX
- Conduct testing to evaluate the design and operating effectiveness of internal controls over financial reporting in support SOX 404(a) management testing
- Track, monitor, and validate the remediation of control gaps/issues identified through testing
Experience & Qualifications
- 2–3 years of audit experience (internal or external), with a focus on Technology, IT, or Information Systems, and some exposure to leading engagements preferred.
- Experience in financial services, fintech, digital assets (including custody infrastructure and operations), or a regulated technology environment strongly preferred.
- Bachelor’s degree in related discipline (Computer Science / Information Technology / Accounting / Finance etc.)
- Professional qualification in progress or completed: CISA or CISSP are strongly preferred; CIA, CPA, ACCA, or HKICPA also valued.
- Working knowledge of IT general controls frameworks and relevant standards (ITIL, COBIT, NIST CSF, ISO 27001, SOC 2). Familiarity with cloud platforms (AWS, GCP, or Azure) and associated control considerations.
- Strong written and verbal communication skills in English
- Exposure to LLM-based tools and AI-assisted processes, and interest in how these intersect with audit and risk.
- Self-starter comfortable getting hands-on with building agentic AI solutions using LLM tools to enhance audit processes (e.g., automating control testing, evidence gathering, or RCM maintenance).
Bonus
- Experience with data analytics tools (e.g. Python, SQL, ACL/IDEA) to support audit testing.
- Familiarity with cryptocurrency, blockchain technology, smart contracts, or digital asset markets.
- Total compensation includes base salary, annual performance bonus, MPF employer contributions, and a comprehensive benefits package.
Bullish is proud to be an equal opportunity employer. We are fast evolving and striving towards being a globally-diverse community. With integrity at our core, our success is driven by a talented team of individuals and the different perspectives they are encouraged to bring to work every day.