IT Security & GRC Lead

Job Description:

1. Define and lead implementation of information security standard, framework, and roadmap across on premise and cloud environments
2. Lead day to day IT Security operational such as policy enforcement, threat detection and assesment, monitoring CSIRT reports and updates, and work with other departement sin cybersecurity incident prevention and handling
3. Evaluate and work with information security partners and vendors on provision and delivery of cybersecurity solution and services such as penetration test and vulnerability assesments
4. Lead and promote security awareness initiatives to cultivate a strong cybersecurity culture in the company.
5. Prepare, maintain, and lead audit and certification activities, including but not limitied to ISO/IEC 27001 and J-SOX
6. Establish and maintain up-to-date information security-related document, including policies, procedures, and guidelines to safeguard company data, systems, and networks, to ensure compliance with ISO and PCI standards and internal and external regulations such as POJK, PBI, and UU PDP

Job Requirements:

1. Bachelor Degree in Computer Science / Information Technology / Information System

2. At least 5 years of working experience as IT Security and GRC

3. Solid & proven experience of Information Security technologies concepts: network security, endpoint protection, cloud security, encryption, IAM and threat

4. Solid & proven experience security tools such as SIEM, IDS/IPS, vulnerability scanners and penetration testing suites. Experience with DevSecOps and Secure Coding will be advantage

5. Solid & proven experience building and leading a ateam across operational security management, incident handling and policy enforcement. Background in Financial Service Industry will be advantage.

6. Solid & proven experience in Governance, Risk and Compliance preferably within Financial Service Industry including working with regulations such as POJK, PBI, as well UU PDP

7. Solid & proven experience in leading ISO/IEC 270001:2022 certification as well as SOX 404/J-SOC, audits, PCI-DSS, PA-DSS/PCI-SSC, ISO/IEC 27017, and ISO/IEC 27018 experience would be benefitical.