Head Information Technology Security

We are looking for a highly skilled Head of IT Security to lead the development, implementation, and management of a comprehensive information security strategy aligned with business objectives. This role will ensure compliance with regulatory requirements, manage security teams, and safeguard the company's digital assets across on-premise and cloud infrastructures.

• Develop and manage an effective Incident Response Program, including detection, analysis, containment, eradication, recovery, and incident reporting.
• Design and implement security strategies, policies, procedures, and standards in alignment with regulatory requirements (especially Indonesia's Law) and industry standards (ISO/IEC 27001, NIST CSF, SNI ISO/IEC 27032, SNI IEC).
• Conduct regular information security risk assessments to identify vulnerabilities and threats across both on-premise and cloud environments.
• Lead and manage the IT Security team, including recruitment, training, and professional development.
• Ensure application security and API integration with vendors, including implementation of Secure Software Development Lifecycle (SSDLC), security testing, and protection against common attacks (e.g., OWASP Top 10).
• Ensure compliance with Indonesia's PDP Law, including management of data subject rights, personal data transfers, and, if required, act as or work closely with the Data Protection Officer (DPO).
• Perform internal and external security audits and maintain relationships with auditors and regulators.
• Develop and manage the IT security budget and oversee security vendors.
• Stay updated on emerging cybersecurity threats, security technologies, and regulatory developments.

• Minimum 7–10 years of professional experience in information security, with at least 3–5 years in a leadership or managerial role (e.g., Security Manager, Lead Security Engineer).
• Proven experience in securing hybrid infrastructure (on-premise and multi-cloud).
• Familiarity with Tencent Cloud, Alibaba Cloud, and Zetta Grid is highly preferred.
• Strong background in risk management, vulnerability assessment, penetration testing, and incident response.
• In-depth knowledge of data security regulations (especially Indonesia's PDP Law) and industry standards (ISO/IEC 27001, NIST Cybersecurity Framework).

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

• CISSP – Certified Information Systems Security Professional
• CISM – Certified Information Security Manager
• CCSP – Certified Cloud Security Professional
• CEH – Certified Ethical Hacker
• GSLC – GIAC Security Leadership Certification