ID - GRC Specialist

Zoho APAC

Jawa Barat

On-site

IDR 750.125.000 - 1.000.167.000

Full time

4 days ago

Job summary

A leading technology firm located in Indonesia seeks a Governance, Risk, and Compliance (GRC) Specialist. This role focuses on ensuring compliance with local regulations, managing risk registers, and supporting audits. The ideal candidate holds a Bachelor’s degree and has at least 3 years of experience in governance within a technology environment. Important skills include analytical thinking, strong communication abilities, and familiarity with ISO standards. The position supports professional growth through collaboration and training opportunities.

Qualifications

  • Minimum of 3 years’ experience in governance, risk, or compliance within a technology or IT services industry.
  • Fluency in English and Bahasa Indonesia for effective communication.

Responsibilities

  • Provide guidance on Indonesian regulations impacting digital operations.
  • Develop and maintain a comprehensive risk register.
  • Drive implementation of effective internal controls across departments.

Skills

Analytical skills
Communication skills
Risk assessment methodologies
Understanding of ISO 27001
Compliance management tools
Detail-oriented

Education

Bachelor’s degree in Law, Finance, Accounting, Information Technology, Business

Job description

The Governance, Risk, and Compliance (GRC) Specialist will play a key role in strengthening our overall compliance posture by implementing, maintaining, and improving our internal governance frameworks. This role requires learning the local laws and regulations in addition to assessing business processes, managing risk registers, supporting both internal and external audits, and ensuring alignment with relevant compliance frameworks. The ideal candidate should have experience in IT governance, data privacy, and operational risk management, preferably within a technology or SaaS environment.

Roles and Responsibilities

  • Provide guidance on and interpretation of key Indonesian regulations impacting our digital operations, including but not limited to PSE, PSRE, and the Personal Data Protection Law (UU PDP), ensuring compliance with data privacy and security requirements.
  • Keep track of relevant local laws and regulations related to technology, telecommunications, data localization, and cross-border data transfers.
  • Develop and maintain a comprehensive risk register for all Indonesian operations, focusing on regulatory, operational, and reputational risks in alignment with ISO 27001 and other standards as required.
  • Drive the implementation of effective internal controls across various departments to mitigate identified risks.
  • Prepare and present periodic reports to senior management on compliance status, risk posture, and governance effectiveness.
  • Collaborate closely with the HR team to monitor updates to Indonesian labor laws and regulations (e.g. Omnibus Law/Cipta Kerja, ministerial decrees).
  • Serve as a point of contact for external audits.
  • Proactively learn and understand business processes and Zoho’s products, including by attending product learning events, in order to understand the impact of regulations and provide contextually accurate regulatory guidance.
  • Conduct internal audits for different offices as needed.
  • Travel to corporate headquarters in India for training and collaboration.

Requirements

  • Bachelor’s degree in Law, Finance, Accounting, Information Technology, Business, or a relevant field of studies.
  • Minimum of 3 years’ experience in governance, risk, or compliance within a technology or IT services industry.
  • Good understanding of ISO 27001, ISO 27701, SOC 2 and PDPA (Indonesia and/or other regional privacy laws).
  • Experience with risk assessment methodologies and compliance management tools.
  • Strong analytical and documentation skills with high attention to detail.
  • Excellent communication and interpersonal skills for engaging with cross-functional teams.
  • Professional certifications such as ISO 27001 Lead Implementer/Auditor, CISA, CRISC or similar are an advantage.
  • Fluency in English and Bahasa Indonesia is required for communicating with stakeholders.

Competencies

  • Decisiveness: Able to provide clear compliance guidance, even in ambiguous regulatory situations.
  • Analytical Thinking: Strong ability to analyze complex legal texts and translate them into practical business requirements.
  • Integrity: Demonstrates the highest level of professionalism and ethical standards.
  • Proactive Monitoring: Committed to continuously tracking new and emerging legislation.