Qualifications
Bachelor's or Master's degree in Computer Science, Information Technology, Business Administration, or related fields.
Minimum 6 years of progressive experience in IT Governance, IT Risk Management, IT Audit, or IT Compliance.
Preferred Certifications (strong plus):
Certified Information Systems Auditor (CISA)
Certified in Governance of Enterprise IT (CGEIT)
Certified Information Security Manager (CISM)
ITIL or COBIT (especially COBIT 5 / COBIT 2019)
Job Description
Develop, implement, and continuously improve IT governance frameworks aligned with COBIT, ISO 27001, and ISO 31000.
Perform IT risk assessments, define mitigation plans, and monitor risk postures.
Ensure ongoing compliance with key regulations like SOX, GDPR, HIPAA, PCI DSS, and local data privacy laws (Indonesia's PDP Law).
Collaborate with internal/external audit teams; manage audit findings and ensure timely closure.
Standardize IT policies, procedures, and control documents across business units.
Support alignment of IT controls with NIST Cybersecurity Framework and other relevant standards.
Manage or assist in implementing GRC platforms (e.g., RSA Archer, ServiceNow GRC, MetricStream, OneTrust).
Report regularly on risk trends and compliance metrics to senior leadership or audit committees.
Drive GRC awareness across the organization through training, workshops, and internal communication.
Soft Skills & Competencies
Proven leadership with the ability to influence cross-functional teams.
Excellent communication and presentation skills — able to convey complex ideas to both technical and executive stakeholders.
Strong analytical and problem-solving skills.
High integrity and ability to manage confidential or sensitive information.