IT Security (Great Eastern General Indonesia)

Job Description :

1. Security Operations & Incident Management

• Lead daily security monitoring using SIEM, EDR/XDR, WAF, and other security tools.
• Manage and investigate security incidents, including detection, containment, eradication, recovery, and reporting.
• Oversee security monitoring for Infra, application in operation

2. Governance, Risk & Compliance (GRC)

• Develop, review, and enforce Information Security Policies and Standards.
• Conduct IT and cybersecurity risk assessments for systems, vendors, and business processes related to general insurance
• Support internal and external audits related with IT Security

3. Vulnerability & Threat Management

• Lead vulnerability scanning, penetration testing coordination, and follow-up remediation activities.
• Work closely with infrastructure, network, and application teams for patching, hardening, and mitigation.

4. Identity & Access Management (IAM)

• Oversee user access lifecycle, including provisioning, deprovisioning, and periodic access review.
• Ensure strong access controls, including MFA and least‑privilege principle across systems and cloud environments.

5. Security Engineering & Implementation

• Provide security architecture guidance for new projects, applications, and integrations.
• Manage implementation and enhancement of security technologies such as DLP, email security, SASE/Zero Trust, endpoint protection, and encryption.

6. Awareness & Leadership

• Drive cybersecurity awareness programs for employees and agents.
• Mentor junior security staff and collaborate with IT and business stakeholders on security-related initiatives.

Requirements :

1. Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field.
2. Minimum 5 years of experience in IT Security, Cybersecurity
3. At least 1–2 years of experience in a supervisory or team lead role.
4. Experience working in the financial services or insurance sector is an advantage.
5. Strong leadership, coordination, and communication skills
6. Fluent in English (both written and oral)
7. Able to explain complex risks to non‑technical stakeholders
8. Possess analytical, detail‑oriented, and able to work under pressure during security incidents.
9. Strong knowledge of network security, firewalls, IDS/IPS, VPN, and network segmentation.
10. Hands‑on experience with SIEM, EDR/XDR, DLP, email security, WAF, and cloud security (Azure/AWS).
11. Strong understanding of ISO 27001, NIST CSF, CIS Controls, and cybersecurity best practices.
12. Experience conducting or coordinating vulnerability assessments and penetration tests.
13. Preferred Certifications (a strong plus)

• CompTIA Security+
• CEH, eCPPT
• ISO 27001 Lead Implementer / Lead Auditor
• Microsoft SC‑200 / SC‑300
• CISSP or CISM