Join our team as the Head of IT Security, a strategic leadership role within our Information Security Organization. You will act as a trusted advisor to the business, driving security strategy, managing risk, and ensuring compliance with global standards in an increasingly complex threat landscape.
Role Overview
As the Head of IT Security, you will lead the firm's information security agenda—shaping strategy, ensuring regulatory compliance, and safeguarding our organization against evolving cyber threats. You will collaborate closely with senior leadership and global stakeholders to deliver resilient and effective security practices.
Key responsibilities
- Lead the Information Security function, including strategy development, budgeting, and program execution aligned with global priorities
- Oversee information security risk management (risk assessments, mitigation planning, and escalations)
- Ensure compliance with global security policies and frameworks (e.g., ISO 27001), including exception management
- Manage and coordinate security operations such as vulnerability management, change management, and incident response
- Act as the primary liaison with Global Security & Risk Management teams
- Engage key stakeholders across business functions (Legal, HR, Privacy, IT, etc.)
- Drive organization-wide security awareness initiatives (training, phishing simulations, threat intelligence sharing)
What we're looking for
- 13–15 years of experience in information security & risk management, including ≥5 years in leadership roles
- Strong expertise across cybersecurity domains: risk management, architecture, cloud security, incident response, vulnerability management
- In-depth knowledge of frameworks such as ISO 27001, NIST, SOC 2
- Proven ability to influence stakeholders and collaborate across global and local teams
- Strong analytical and reporting capabilities for security metrics and risk insights
- Experience in developing and enforcing security policies and standards
- Fluent in English (verbal & written)
- Demonstrated leadership in governance, stakeholder management, and driving enterprise security initiatives
Preferred Qualifications
- Certifications: CISSP, CISM, ISO/IEC 27001 Lead Implementer/Auditor
- Experience with Secure SDLC, DevSecOps, or security automation
- Familiarity with data privacy regulations
- Exposure to threat intelligence platforms and security automation tools
How to apply
Submit your application online at https://careers.kpmg.co.id/ or email your CV to [Confidential Information] with the subject:
[Position Applied] – [Candidate Name]
Example: Head of IT Security – John Doe
All applications are strictly confidential, and only short-listed candidates will be contacted. Apply now to kickstart your career with KPMG Indonesia!
