AI Cloud Security Compliance Manager

Bitdeer Technologies Group
28 days ago
Full-time
On-site
Singapore, Singapore

About Bitdeer:

Bitdeer is a world-leading technology company for Bitcoin mining and AI cloud.

Bitdeer is committed to providing comprehensive Bitcoin mining solutions for its customers. Apart from designing industry-leading ASIC chips and manufacturing mining rigs, the Group handles complex processes involved in computing across the value chain. This includes equipment procurement, transport logistics, datacenter design and construction, equipment management, and network and facility operations. Bitdeer also offers advanced cloud capabilities to customers with a high demand for artificial intelligence.

Headquartered in Singapore, Bitdeer operates globally with a diversified 3 GW energy portfolio, and deploys Bitcoin mining and HPC datacenters in the United States, Bhutan, Norway, Canada, Malaysia, and Ethiopia.

About the team

Own the security compliance program for Bitdeer's AI Cloud business line, leading multi-framework certifications, AI governance implementation, customer compliance engagement, and evidence automation. This role requires both traditional cloud compliance expertise (SOC 2, ISO 27001) and emerging AI compliance frameworks (ISO 42001, NIST AI RMF, EU AI Act, IMDA AI Verify), as well as the ability to engage platform engineering teams at a deep technical level.

What you will be responsible for:

  • Multi-Framework Certification Leadership
    • Serve as Program Owner for AI Cloud's SOC 2 Type I/II and ISO/IEC 27001:2022 certifications, managing the end-to-end process from gap assessment through certification. Define audit scope covering GPU bare metal, virtualized GPU, AI Studio, model hosting, and other product modules.
    • Lead ISO/IEC 42001 (AI Management System) certification, designing AI governance processes, AI Impact Assessments, and model lifecycle controls from the ground up.
    • Plan and drive additional certifications such as CSA STAR Level 2 and IMDA AI Verify framework adoption.
    • Build and maintain a Unified Control Framework that maps SOC 2 TSC, ISO 27001 Annex A, ISO 42001, CCM, and NIST AI RMF requirements into a single control library to eliminate cross-framework duplication.
    • Coordinate external audit firms (Big 4 or equivalent IT audit teams), managing audit timelines, control testing, finding remediation, and management responses.
  • AI Governance & Emerging AI Regulation Implementation
    • Operationalize NIST AI RMF (Govern / Map / Measure / Manage) into concrete governance processes and control points for the AI Cloud platform.
    • Track EU AI Act implementation timeline (especially GPAI provisions effective 2 August 2026), assess responsibility pass-through for AI Cloud customers hosting high-risk AI systems, and design compliance guardrails.
    • Lead IMDA AI Verify framework adoption and engagement with Singapore local regulators.
    • Translate OWASP LLM Top 10 and MITRE ATLAS into AI Cloud security control checklists, partnering with platform teams to operationalize detection capabilities.
    • Design AI model supply chain governance — customer-uploaded model weight review, Hugging Face / GitHub model source security assessment, Model Card and Datasheet requirements.
  • Customer Compliance & Sales Enablement
    • Serve as the AI Cloud security team's primary customer-facing compliance interface, responding to Security Questionnaires (SIG Lite/Core, CAIQ v4, custom customer templates).
    • Maintain the Trust Center / Security Portal, proactively publishing AI Cloud security control descriptions, compliance certificates, pen test summaries, and SOC 2 bridge letters to reduce repeated customer inquiries.
    • Support Sales and Solution Architect teams in addressing customer AI security concerns during the pre-sales phase — training data isolation, model weight confidentiality, inference API non-retention.
    • Negotiate security and privacy clauses in customer contracts (DPA, SLA, Right to Audit, Breach Notification Timeline) with technical and compliance input.
    • Coordinate and execute customer audits, including on-site or remote audits of AIDC facilities.
  • Technical Control Evidence Automation & GRC Platform Operations
    • Lead GRC platform selection (Vanta / Drata / Secureframe / OneTrust / Tugboat Logic) and drive deployment.
    • Design evidence automation integrating AI Cloud's critical technical systems: cloud management platform, HIDS (Wazuh), Tetragon, Kafka audit pipeline, Vault, Teleport, Jira, Git.
    • Drive evidence collection automation rate to 70%+, dramatically reducing manual evidence gathering.
    • Collaborate with SecOps to establish continuous control effectiveness monitoring, ensuring controls remain auditable outside formal audit periods.
  • AI Cloud Business Line Security Governance
    • Draft, maintain, and publish the AI Cloud security policy framework (Information Security Policy, Access Control, Incident Response, Business Continuity, AI Ethics, etc.).
    • Build and maintain the AI Cloud risk register; lead quarterly risk assessment meetings and produce risk heat maps for management reporting.
    • Lead AI Cloud vendor security assessments (SOC 2 report review, SBOM review, security questionnaire issuance).
    • Provide SOX ITGC evidence within the AI Cloud scope, supporting group internal and external audits.
    • Partner with Legal on technical execution of PDPA, GDPR, and other privacy compliance work (DPIA, ROPA, customer data transfer assessments).

How you will stand out:

  • Bachelor's degree or higher in Computer Science, Information Security, Information Systems Audit, or a related field.
  • 8+ years in information security or IT audit, with at least 4 years in a GRC / compliance certification leadership role (not a supporting role) focused on cloud services (IaaS/PaaS) or data center business.
  • Demonstrated end-to-end ownership of at least 2 of the following frameworks from gap assessment through certification: SOC 2 Type II, ISO/IEC 27001, ISO/IEC 42001, CSA STAR, PCI DSS, HIPAA. Candidates with combined SOC 2 + ISO 27001 experience strongly preferred.
  • Familiar with GPU cloud, AI training/inference infrastructure, or equivalent high-performance computing (HPC) business background. Able to engage platform engineers at a technical level, not just paper-based GRC.
  • Working knowledge of cloud-native technology stack: Kubernetes, KVM/QEMU virtualization, Linux systems, IAM (Okta / Keycloak), CSPM tools. Able to understand the implementation of technical controls.
  • Hands-on experience with at least one GRC platform: Vanta, Drata, Secureframe, OneTrust, or ServiceNow GRC.
  • At least one of the following certifications: ISO 27001 Lead Auditor / Lead Implementer, CISA, CISSP, CCSK, CCSP.
  • Professional fluency in both English and Mandarin Chinese — able to independently author policies and audit reports in both languages, engage international audit firms and overseas customers in English, and communicate strategically with Mandarin-native management in Chinese.

Strongly Preferred:

  • Compliance experience with AI / machine learning / LLM service businesses, with hands-on implementation of ISO 42001 or NIST AI RMF.
  • Background in security compliance at GPU cloud providers, supercomputing centers, large AI labs, or AIDC operators (CoreWeave, Lambda, Crusoe, Together AI, or comparable).
  • Understanding of NVIDIA GPU cluster architecture, InfiniBand, NCCL, and MIG / vGPU isolation mechanisms.
  • Familiarity with EU AI Act, IMDA AI Verify, Singapore Model AI Governance Framework, and other AI regulatory frameworks.
  • Prior experience at Big 4 IT Risk Advisory (Deloitte / PwC / EY / KPMG) or hyperscaler GRC/Compliance teams (AWS / GCP / Azure).
  • Hands-on experience handling Security Questionnaires and customer audits from Fortune 500 or financial institution customers.
  • Basic scripting skills (Python / SQL / Shell) to independently extract compliance evidence from logs, databases, and APIs.

What you will experience working with us:

  • A culture that values authenticity and diversity of thoughts and backgrounds;
  • An inclusive and respectful environment with open workspaces and an exciting start-up spirit;
  • A fast-growing company with the chance to network with industry pioneers and enthusiasts;
  • The ability to contribute directly and make an impact on the future of the digital asset industry;
  • Involvement in new projects and in developing processes and systems;
  • Personal accountability, autonomy, fast growth, and learning opportunities;
  • Attractive welfare benefits and developmental opportunities such as training and mentoring.

--------------------------------------------------------------------

Bitdeer is committed to providing equal employment opportunities in accordance with country, state, and local laws. Bitdeer does not discriminate against employees or applicants based on conditions such as race, colour, gender identity and/or expression, sexual orientation, marital and/or parental status, religion, political opinion, nationality, ethnic background or social origin, social status, disability, age, indigenous status, and union membership.
