IT Governance, Risk & Compliance (IT GRC)

Responsibilities

• Identify risks, define Key Risk Indicators (KRI), and establish mitigation controls
• Develop and maintain IT Risk Register and periodic risk/compliance reports
• Draft and update IT governance policies, procedures, and guidelines
• Perform gap analysis against frameworks/standards (e.g., COBIT, ISO, ICoFR)
• Manage and ensure effectiveness of IT risk controls in business processes
• Act as Level-1 risk handler
• Support internal and external audits (preparation, execution, follow-up, and monitoring)
• Act as audit liaison for all IT audits (internal, external, regulatory)
• Manage audit findings and ensure proper execution of action plans
• Prepare risk and compliance reports for Management and relevant stakeholders
• Develop and implement IT Governance & Risk Management frameworks
• Collaborate with Risk Management, Compliance, Security, and Internal Audit teams
• Coordinate across domains (data, applications, infrastructure, security)
• Identify and monitor risks and inter dependencies across projects

Qualifications

• Bachelor's degree in Information Technology or a related field
• Minimum 6 years of experience in IT, particularly in IT Governance, Risk & Compliance (GRC)
• Strong understanding of IT GRC concepts and implementation
• Solid knowledge of IT Controls & IT General Controls (ITGC)
• Experience in ISO 27001 implementation
• Good understanding of information security and data protection regulations
• Proficient in both Indonesian and English (spoken and written)
• Strong communication skills
• Relevant certifications (e.g., CISA, CRISC, ISO) are a plus

Required Skills

• Understanding of IT Demand & Value Intake Governance processes
• Experience in Benefit Realization & Value Assurance
• Exposure to Data & Digital Integration initiatives
• Familiarity with frameworks such as COBIT, ISO, ICoFR