IT GRC Analyst (SDE 2)

The IT GRC Specialist (SDE2) will be a contributing member of the IT Governance, Risk, and Compliance (GRC) team, providing essential support to various IT GRC functions across entities within the Kredivo Group. This role will primarily focus on assisting with access control management, supporting third-party security assessments, contributing to compliance initiatives, and aiding internal IT GRC operations. The specialist will help ensure foundational compliance, risk management, and governance practices are upheld within the organization's information systems and technology landscape.

About the job:

Access Control Management (50%):

• Support in the oversight and continuous improvement of information security controls related to user access management.
• Support efforts in ensuring appropriate access provisioning, least privilege enforcement, and periodic access reviews for internal and/or external tools
• Contribute to evaluating the effectiveness of security measures like configuration management practices in infra, network, endpoint, & cloud services in particular as they relate to access controls.

The IT GRC Specialist (SDE2) will be a contributing member of the IT Governance, Risk, and Compliance (GRC) team, providing essential support to various IT GRC functions across entities within the Kredivo Group. This role will primarily focus on assisting with access control management, supporting third-party security assessments, contributing to compliance initiatives, and aiding internal IT GRC operations. The specialist will help ensure foundational compliance, risk management, and governance practices are upheld within the organization's information systems and technology landscape.

About the job:

Access Control Management (50%):

• Support in the oversight and continuous improvement of information security controls related to user access management.
• Support efforts in ensuring appropriate access provisioning, least privilege enforcement, and periodic access reviews for internal and/or external tools
• Contribute to evaluating the effectiveness of security measures like configuration management practices in infra, network, endpoint, & cloud services in particular as they relate to access controls.

• Initiate, collect, & validate security review for new vendor engagements by sending TPSA (Third-Party Security Assessment) forms
• Coordinate with internal teams (InfoSec, Legal, Procurement) for review and input.
• Assess vendor responses to identify security and compliance risks.
• Classify risk levels (Low/Medium/High) and provide recommendations.
• Ensure vendor engagement meets company's security and regulatory standards (e.g., ISO 27001, OJK, Bank Indonesia, other regulatory).
• Track and document the entire assessment process for audit and reporting purposes.
  Escalate high-risk findings and support follow-up with vendors.

• Contribute to maintaining and improving the company-wide Information Security Compliance Program by ensuring alignment with internal policies and applicable regulations.
• Assist in the creation, implementation, and maintenance of information security policies, procedures, and control practices to align with internal processes and regulatory requirements.
• Support strategies to handle increasing volumes of IT compliance assessments, including those related to ISO 27001, ITGC, OJK, and Bank Indonesia and other regulations.
• Collaborate for Information Security Awareness activity to ensure alignment of security awareness efforts with compliance requirements and contribute to tracking its effectiveness.

FinAccel is a fun, fast growing company with lofty ambitions. Starting with instant ecommerce financing, we are on a goal to disrupt unsecured lending in Southeast Asia, one of the fastest growing economic regions globally.

The company leverages deep data analytics across users’ digital footprint to automate credit risk scoring and access to credit in Southeast Asia, the 7th largest economy in the world.

Our flagship product, Kredivo Buy now, Pay later, enables e-commerce buyers to apply and qualify for instant credit and pay back over time. Merchants using Kredivo benefit from providing point-of-sale financing using a 2-click checkout to eligible buyers. FinAccel is backed by leading investors and regulated by OJK in Indonesia.

To know more about FinAccel and Kredivo, visit www.finaccel.co and www.kredivo.com.

Here is our latest press coverage:

FinAccel is a fun, fast growing company with lofty ambitions. Starting with instant ecommerce financing, we are on a goal to disrupt unsecured lending in Southeast Asia, one of the fastest growing economic regions globally.

The company leverages deep data analytics across users’ digital footprint to automate credit risk scoring and access to credit in Southeast Asia, the 7th largest economy in the world.

Our flagship product, Kredivo Buy now, Pay later, enables e-commerce buyers to apply and qualify for instant credit and pay back over time. Merchants using Kredivo benefit from providing point-of-sale financing using a 2-click checkout to eligible buyers. FinAccel is backed by leading investors and regulated by OJK in Indonesia.

To know more about FinAccel and Kredivo, visit www.finaccel.co and www.kredivo.com.

Here is our latest press coverage:

Alamat email kamu