IT GRC Analyst (SDE 2)

Kredivo Group

Daerah Khusus Ibukota Jakarta

On-site

IDR 407.564.000 - 652.104.000

Full time

30+ days ago

Job summary

A leading fintech company in Jakarta is looking for an IT GRC Specialist to support governance, risk, and compliance functions. Responsibilities include managing access controls, conducting third-party security assessments, and supporting IT audit processes. Candidates should have experience with information security management and regulatory compliance. This role is crucial for maintaining robust security practices across the organization.

Qualifications

  • Experience with access control management frameworks.
  • Knowledge of ISO 27001 and regulatory compliance.
  • Strong analytical and problem-solving skills.

Responsibilities

  • Support oversight of user access management and security controls.
  • Conduct third-party security assessments for vendor engagements.
  • Assist in maintaining the company-wide Information Security Compliance Program.

Skills

Information Security Management
Risk Assessment
Access Control
Compliance Standards
Incident Management

Job description

The IT GRC Specialist (SDE2) will be a contributing member of the IT Governance, Risk, and Compliance (GRC) team, providing essential support to various IT GRC functions across entities within the Kredivo Group. This role will primarily focus on assisting with access control management, supporting third-party security assessments, contributing to compliance initiatives, and aiding internal IT GRC operations. The specialist will help ensure foundational compliance, risk management, and governance practices are upheld within the organization's information systems and technology landscape.

About the job:

Access Control Management (50%):

  • Support the oversight and continuous improvement of information security controls related to user access management.
  • Support efforts to ensure appropriate access provisioning, least privilege enforcement, and periodic access reviews for internal and/or external tools.
  • Contribute to evaluating the effectiveness of security measures, such as configuration management practices in infrastructure, network, endpoint, and cloud services, particularly as they relate to access controls.

Third-Party Security Assessment (20%):

  • Initiate, collect, and validate security reviews for new vendor engagements by sending TPSA (Third-Party Security Assessment) forms.
  • Coordinate with internal teams (InfoSec, Legal, Procurement) for review and input.
  • Assess vendor responses to identify security and compliance risks.
  • Classify risk levels (Low/Medium/High) and provide recommendations.
  • Ensure vendor engagement meets the company's security and regulatory standards (e.g., ISO 27001, OJK, Bank Indonesia, and other regulatory requirements).
  • Track and document the entire assessment process for audit and reporting purposes.
  • Escalate high-risk findings and support follow-up with vendors.

IT Audit Support (30%):

  • Contribute to maintaining and improving the company-wide Information Security Compliance Program by ensuring alignment with internal policies and applicable regulations.
  • Assist in the creation, implementation, and maintenance of information security policies, procedures, and control practices to align with internal processes and regulatory requirements.
  • Support strategies to handle increasing volumes of IT compliance assessments, including those related to ISO 27001, ITGC, OJK, Bank Indonesia, and other regulations.
  • Collaborate on Information Security Awareness activities to ensure security awareness efforts align with compliance requirements, and contribute to tracking their effectiveness.
