Job Requirements
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
- Relevant professional certifications (at least one required), such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Implementer, or equivalent.
- Minimum 3–5 years of experience in IT Security, particularly in Governance, Risk, and Compliance (GRC).
- Prior experience in the Payment Gateway or Financial Services industry is a strong plus.
- Proven experience in implementing and managing IT security architecture across hardware, operating systems, networks, databases, and applications.
- Solid experience in security audits and ensuring compliance with industry standards (e.g., PCI DSS, ISO 27001, NIST) and local regulations (e.g., Bank Indonesia, OJK).
- Strong understanding of network, endpoint, and application security principles.
- Hands-on experience with Vulnerability Management tools (e.g., Nessus, Qualys, Rapid7, OpenVAS).
- Proficient in developing and implementing IT security policies and procedures.
- Experience in security incident handling and forensic investigation.
- Familiar with SIEM (Security Information and Event Management) tools and real-time threat monitoring.
- Capable of conducting risk assessments and preparing comprehensive security documentation.
- Deep knowledge of security frameworks such as ISO 27001, NIST CSF, COBIT, or equivalent.
- Ability to conduct security awareness training across different levels of the organization.
- Strong communication skills, especially in presenting security findings and recommendations to non-technical stakeholders.
- Collaborative mindset with the ability to work cross-functionally with IT, compliance, legal, and business teams.
- Proactive problem-solver with the ability to respond quickly and effectively to security incidents.
Job Description
- Develop and implement comprehensive IT security architecture covering the security of hardware, operating systems, networks, databases, and applications.
- Implement IT Security Policies in accordance with industry standards and regulatory requirements.
- Deploy Vulnerability Management Solutions and lead necessary remediation efforts proactively.
- Continuously monitor and assess IT security to detect and respond to potential threats.
- Conduct security awareness training for staff to enhance understanding and vigilance regarding information security.
- Lead security incident response efforts in collaboration with relevant stakeholders, and perform forensic analysis to identify root causes and impacts.
- Stay up to date with the latest security trends and technological developments to ensure effective protection against emerging threats.
- Maintain the information security system by adhering to security policies, protecting company data, and reporting suspicious activities that may pose a threat to information security.