IT GRC / Jakarta (Gambir)

Job Requirements

  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
  • Relevant professional certifications (at least one required), such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Implementer, or equivalent.
  • Minimum 2 years of experience in Governance, Risk, and Compliance (GRC).
  • Prior experience in Payment Gateway, or Financial Services industry is a strong plus.
  • Solid experience in security audits and ensuring compliance with industry standards (e.g., PCI DSS, ISO 27001, NIST) and local regulations (e.g., Bank Indonesia, OJK).
  • Proficient in developing and implementing IT security policies and procedures.
  • Capable of conducting risk assessments and preparing comprehensive security documentation.
  • Deep knowledge of security frameworks such as ISO 27001, NIST CSF, COBIT, or equivalent.
  • Ability to conduct security awareness training across different levels of the organization.
  • Strong communication skills, especially in presenting security findings and recommendations to non-technical stakeholders.
  • Collaborative mindset with the ability to work cross-functionally with IT, compliance, legal, and business teams.
  • Proactive problem-solver with the ability to respond quickly and effectively in security incidents.

Job Description:

  • Develop, review, and update IT policies, procedures, and standards to ensure alignment with business objectives and regulatory requirements.
  • Ensure the company complies with relevant regulations, including but not limited to GDPR, PCI-DSS, ISO 27001, and SOX.
  • Coordinate with the Legal & Compliance teams to ensure regulatory alignment.
  • Manage IT audits and properly follow up on audit findings.
  • Conduct training and awareness programs on compliance requirements and best practices for employees.
  • Develop and maintain IT-related disaster recovery and business continuity plans.
  • Maintain an up-to-date list of IT and cybersecurity risks, along with corresponding mitigation plans.
  • Responsible for maintaining the information security system by adhering to security policies, protecting company data, and reporting any suspicious activities that may threaten information security.