IT GRC / Jakarta (Central)
Job Requirements
  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
  • Relevant professional certifications (at least one required), such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Implementer, or equivalent.

  • Minimum 3–5 years of experience in Governance, Risk, and Compliance (GRC).

  • Prior experience in the Payment Gateway or Financial Services industry is a strong plus.
  • Solid experience in security audits and ensuring compliance with industry standards (e.g., PCI DSS, ISO 27001, NIST) and local regulations (e.g., Bank Indonesia, OJK).

  • Proficient in developing and implementing IT security policies and procedures.

  • Capable of conducting risk assessments and preparing comprehensive security documentation.
  • Deep knowledge of security frameworks such as ISO 27001, NIST CSF, COBIT, or equivalent.

  • Ability to conduct security awareness training across different levels of the organization.

  • Strong communication skills, especially in presenting security findings and recommendations to non-technical stakeholders.
  • Collaborative mindset with the ability to work cross-functionally with IT, compliance, legal, and business teams.
  • Proactive problem-solver with the ability to respond quickly and effectively to security incidents.
Job Description:
  • Develop, review, and update IT policies, procedures, and standards to ensure alignment with business objectives and regulatory requirements.
  • Ensure the company complies with relevant regulations, including but not limited to GDPR, PCI-DSS, ISO 27001, and SOX.
  • Coordinate with the Legal & Compliance teams to ensure regulatory alignment.
  • Manage IT audits and properly follow up on audit findings.
  • Conduct training and awareness programs on compliance requirements and best practices for employees.
  • Develop and maintain IT-related disaster recovery and business continuity plans.
  • Maintain an up-to-date list of IT and cybersecurity risks, along with corresponding mitigation plans.
  • Responsible for maintaining the information security system by adhering to security policies, protecting company data, and reporting any suspicious activities that may threaten information security.