About The Job
Noraa & Co. is partnering with one of the top public companies in Indonesia to build a strong engineering organization as the backbone of the company's future growth.
Our client is entering a major technology transformation phase, where engineering, infrastructure, cybersecurity, database reliability, DevOps, and IT operations will play a critical role in supporting large-scale business operations across Indonesia.
We are currently hiring for several strategic and senior technical positions.
Position Overview
As the Head of Information Security, you will lead the company's cybersecurity strategy, architecture, and execution. This is a highly technical leadership role, suitable for someone who can operate beyond policy and governance and actively challenge, review, and improve security architecture across engineering, infrastructure, and business systems.
Responsibilities- Security Strategy & Architecture
- Define and execute the company's information security roadmap.
- Lead security architecture across application, infrastructure, cloud, network, endpoint, and identity systems.
- Technical Security Leadership
- Review system designs, identify security risks, and provide practical technical recommendations.
- Embed security practices into engineering, DevOps, infrastructure, and IT operations.
- Security Operations
- Lead vulnerability management, threat monitoring, incident response, penetration testing, and remediation.
- Improve detection, response, and security control effectiveness.
- Governance & Risk Management
- Develop policies, standards, procedures, and security controls.
- Ensure compliance with internal and external security requirements.
- Team Leadership
- Build and lead the information security function.
- Mentor security engineers and improve organizational security awareness.
Qualifications
- Strong hands-on technical background in cybersecurity.
- Deep understanding of application security, infrastructure security, cloud security, IAM, SIEM, SOC, vulnerability management, and incident response.
- Able to review technical architecture and challenge engineering decisions from a security perspective.
- Experience securing large-scale or mission-critical systems.
- Certifications such as CISSP, CISM, CEH, OSCP, CCSP, or equivalent are a plus, but technical depth is the main priority.
