About Bullish

Bullish is an institutionally focused global digital asset platform that provides market infrastructure and information services. These include: Bullish Exchange – a regulated and institutionally focused digital assets spot and derivatives exchange, integrating a high-performance central limit order book matching engine with automated market making to provide deep and predictable liquidity. Bullish Exchange is regulated in Germany, Hong Kong, and Gibraltar. CoinDesk Indices – a collection of tradable proprietary and single-asset benchmarks and indices that track the performance of digital assets for global institutions in the digital assets and traditional finance industries. CoinDesk Data - a broad suite of digital assets market data and analytics, providing real-time insights into prices, trends, and market dynamics. CoinDesk Insights – a digital asset media and events provider and operator of Coindesk.com, a digital media platform that covers news and insights about digital assets, the underlying markets, policy, and blockchain technology.

Reports to:

Head of Internal Audit

The Team / The Role
Bullish’s Internal Audit team in Hong Kong provides independent assurance across the business, covering financial, operational, and technology control environments. As a fast-growing, globally regulated digital asset exchange, Bullish relies on robust technology and IT controls to underpin its platforms, data infrastructure, and
regulatory compliance frameworks. The Senior Associate, Internal Audit will be a specialist contributor within the Hong Kong team, reporting to the Head of Internal Audit, with primary responsibility for Technology & IT audit work. This is an excellent opportunity for a technology audit professional looking to deepen their expertise in a dynamic digital asset environment.

Role & Responsibilities

Internal Audit

• Plan and execute Technology and IT audit engagements covering IT general controls (access management, change management, IT operations, and SDLC), application controls, and cybersecurity.

• Conduct risk-based assessments of Bullish’s technology infrastructure, cloud environments, trading platforms, and data management processes.

• Document audit scope, test procedures, findings, and recommendations clearly in workpapers in accordance with Internal Audit methodology.

• Identify IT control deficiencies, assess risk impact, and engage with technology stakeholders to agree practical remediation plans.

• Support integrated audits by providing technology-focused assurance alongside financial and operational audit colleagues.

• Maintain current knowledge of technology risk and cybersecurity frameworks (e.g., ITIL, COBIT, NIST, ISO 27001) and their application in a digital asset context.

• Assist the Head of Internal Audit in annual risk assessment, audit planning, and reporting to senior management and the Audit Committee.

• Liaise with the business to ensure issues are timely and practically remediated

• Partner with the business to identify areas for improvement and optimization

SOX

• Conduct testing to evaluate the design and operating effectiveness of internal controls over financial reporting in support SOX 404(a) management testing

• Track, monitor, and validate the remediation of control gaps/issues identified through testing

Experience & Qualifications

• 2–3 years of audit experience (internal or external), with a focus on Technology, IT, or Information Systems, and some exposure to leading engagements preferred.

• Experience in financial services, fintech, digital assets (including custody infrastructure and operations), or a regulated technology environment strongly preferred.

• Bachelor’s degree in related discipline (Computer Science / Information Technology / Accounting / Finance etc.)

• Professional qualification in progress or completed: CISA or CISSP are strongly preferred; CIA, CPA, ACCA, or HKICPA also valued.

• Working knowledge of IT general controls frameworks and relevant standards (ITIL, COBIT, NIST CSF, ISO 27001, SOC 2). Familiarity with cloud platforms (AWS, GCP, or Azure) and associated control considerations.

• Strong written and verbal communication skills in English

• Exposure to LLM-based tools and AI-assisted processes, and interest in how these intersect with audit and risk.

• Self-starter comfortable getting hands-on with building agentic AI solutions using LLM tools to enhance audit processes (e.g., automating control testing, evidence gathering, or RCM maintenance).

Bonus

• Experience with data analytics tools (e.g. Python, SQL, ACL/IDEA) to support audit testing.

• Familiarity with cryptocurrency, blockchain technology, smart contracts, or digital asset markets.

• Total compensation includes base salary, annual performance bonus, MPF employer contributions, and a comprehensive benefits package.

Bullish is proud to be an equal opportunity employer. We are fast evolving and striving towards being a globally-diverse community. With integrity at our core, our success is driven by a talented team of individuals and the different perspectives they are encouraged to bring to work every day.