IT Governance, Risk, and Compliance

7-9 Years

Save

Early Applicant

Job Description

Job Description

Lead IT governance, risk, and compliance initiatives in line with business objectives, regulatory requirements, and best practices.
Own and lead ISO 27001 audits (surveillance and recertification), acting as the main liaison with external auditors.
Lead IT audits, VAPT coordination, and remediation planning, ensuring timely and effective closure of findings.
Represent the company during regulatory audits, including Bank Indonesia audits, and manage audit responses end-to-end.
Make risk-based decisions on control design, risk acceptance, and mitigation strategies, advising senior stakeholders.
Oversee IT asset governance, policies, and SOPs to ensure audit readiness and regulatory compliance.
Act as Data Protection Officer (DPO), ensuring compliance with data protection and privacy regulations.

Requirements

Bachelor's degree in Information Technology, Computer Science, or a related field.
7+ years of experience in IT GRC, IT Audit, or Information Security, with proven audit leadership experience.
Strong hands-on experience leading ISO 27001 audits and managing external auditors.
Solid understanding of regulatory requirements; experience handling Bank Indonesia audits is highly preferred.
Strong risk assessment and decision-making capabilities, including VAPT oversight and remediation prioritization.
Experience developing and approving IT policies, SOPs, and governance frameworks.
Strong communication and stakeholder management skills, with the ability to influence at senior levels.