IT GRC Manager

Key Responsibilities:

• Own end-to-end engagement lifecycle: scope, plan, deliver, report, close.
• Design/refresh governance, risk, and control frameworks aligned to COBIT, ISO/IEC 27001, ITIL, etc.
• Lead risk assessments, control design/effectiveness testing, and remediation governance.
• Translate PBI/POJK into actionable controlobjectives, test steps, and evidence models.
• Review/sign-off deliverables (risk registers, control matrices, test scripts, workpapers, executive reports).
• Build accelerators (templates, controlcatalogs/mappings) and light automation for evidence.
• Provide on-the-job coaching and formal feedback.

Job Qualifications:

• 710+ years in IT audit/tech risk/security/compliance.
• Strong command of COBIT 2019, ISO/IEC 27001:2022, ITIL and control testing/risk methods.
• Hands-on with PBI/POJK programs in financial services or similarly regulated sectors.
• Excellent client communication & executive reporting.
• Comfortable with sampling, evidence strategies, dashboards/KRIs for remediation tracking.
• Exposure to cloud, IAM, data protection, and third-party risk.
• Preferred: CISA, CRISC, CISSP, ISO 27001 LI/LA, ITIL.
• Familiarity with GRC tools.