Role Description
We are looking for a highly skilled Head of IT Security to lead the development, implementation, and management of a comprehensive information security strategy aligned with business objectives. This role will ensure compliance with regulatory requirements, manage security teams, and safeguard the company's digital assets across on-premise and cloud infrastructures.
Key Responsibilities:
- Develop and manage an effective Incident Response Program, including detection, analysis, containment, eradication, recovery, and incident reporting.
- Design and implement security strategies, policies, procedures, and standards in alignment with regulatory requirements (especially Indonesia's PDP Law) and industry standards (ISO/IEC 27001, NIST CSF, SNI ISO/IEC 27032, SNI IEC
- Conduct regular information security risk assessments to identify vulnerabilities and threats across both on-premise and cloud environments.
- Lead and manage the IT Security team, including recruitment, training, and professional development.
- Ensure application security and API integration with vendors, including implementation of Secure Software Development Lifecycle (SSDLC), security testing, and protection against common attacks (e.g., OWASP Top 10).
- Ensure compliance with Indonesia's PDP Law, including management of data subject rights, personal data transfers, and, if required, act as or work closely with the Data Protection Officer (DPO).
- Perform internal and external security audits and maintain relationships with auditors and regulators.
- Develop and manage the IT security budget and oversee security vendors.
- Stay updated on emerging cybersecurity threats, security technologies, and regulatory developments.
Qualifications
Experience:
- Minimum 7–10 years of professional experience in information security, with at least 3–5 years in a leadership or managerial role (e.g., Security Manager, Lead Security Engineer, or equivalent).
- Proven experience in securing hybrid infrastructure (on-premise and multi-cloud). Familiarity with Tencent Cloud, Alibaba Cloud, and Zetta Grid is highly preferred.
- Strong background in risk management, vulnerability assessment, penetration testing, and incident response.
- In-depth knowledge of data security regulations (especially Indonesia's PDP Law) and industry standards (ISO/IEC 27001, NIST Cybersecurity Framework).
Educational Background:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Preferred Certifications:
- CISSP – Certified Information Systems Security Professional
- CISM – Certified Information Security Manager
- CCSP – Certified Cloud Security Professional
- CEH – Certified Ethical Hacker
- GSLC – GIAC Security Leadership Certification