IT GRC Specialist (SDE 3)

Kredivo Group

Daerah Khusus Ibukota Jakarta

On-site

IDR 200.000.000 - 300.000.000

Full time

8 days ago

Job summary

A financial technology firm in Jakarta seeks an experienced IT GRC Specialist to oversee information security and compliance efforts across international operations. Responsibilities include coordinating audits, managing controls, and aligning local regulations with global standards. Ideal candidates will have over 5 years in IT GRC, strong knowledge of security frameworks, and excellent communication skills in English.

Qualifications

  • 5+ years of experience in IT GRC or information security roles, preferably in Big4 consulting firms.
  • Strong understanding of security frameworks like ISO 27001 and NIST.
  • Experience in coordinating audits and regulatory reviews.

Responsibilities

  • Manage IT audit processes and compliance assessments in international markets.
  • Develop IT GRC framework in Vietnam, Thailand, and the Philippines.
  • Support and enhance information security policies across all entities.

Skills

IT GRC experience
Information security knowledge
IT audit expertise
Strong communication skills
Project management skills

Education

Bachelor’s degree in Information Technology or related field

Job description

The IT GRC Specialist (SDE3) plays a critical role in supporting Kredivo Group’s Information Security and Compliance efforts. This role focuses on driving IT Governance, Risk, and Compliance (GRC) activities across our international entities—Vietnam, Thailand, and the Philippines. While the candidate will report to the IT GRC Lead based in Indonesia, they are expected to operate independently and act as the main PIC for all IT GRC matters in the international markets, including coordinating audits, managing controls, and supporting local teams on compliance initiatives.

About the job:

Internal & External IT Audit Management & Coordination:

  1. Act as the main PIC and lead strategies to manage increasing volumes of IT audits and compliance assessments, including ISO 27001, ITGC, Regional Financial IT Audits, Lender Assessments, and local regulator reviews in international markets.
  2. Serve as the primary point of contact for all internal and external audit activities related to international entities.
  3. Coordinate end-to-end audit processes, including scope alignment, scheduling, evidence collection, issue tracking, and closure.
  4. Collaborate effectively with Internal Audit, External Auditors, and third-party assessors to facilitate smooth and timely assessments.
  5. Ensure audits stay aligned with agreed scopes while maintaining strong professional relationships with all audit stakeholders.
  6. Evaluate audit findings and work with cross-functional teams to define and implement corrective actions, ensuring alignment between audit results and actual implementation across the organization.

International IT GRC Ownership (VN, TH, PH)

  1. Develop and establish the IT GRC framework in Vietnam, Thailand, and the Philippines, aligning with Kredivo Group’s global standards while addressing local requirements.
  2. Conduct regular internal evaluations and risk assessments of IT and security controls to identify gaps and opportunities for improvement.
  3. Implement and monitor adherence to Kredivo Group’s security policies and procedures, ensuring both local compliance and global alignment.
  4. Serve as the main PIC for compliance support on country-specific regulatory requirements (e.g., State Bank of Vietnam) and lender-related audits, acting as the key liaison for international entities.
  5. Maintain structured and auditable documentation, trackers, and progress reports for all IT GRC activities in the international markets.

Internal IT GRC & Compliance Support

  1. Contribute to the development and continuous improvement of information security policies, standards, and procedures, ensuring relevance across all Kredivo Group entities.
  2. Support the enhancement and localization of the Information Security Compliance Program to meet both global and region-specific requirements.
  3. Perform and support access control reviews, enforcement of least privilege, and policy implementation—particularly in cloud, infrastructure, and endpoint environments.
  4. Work closely with the Security Awareness team to tailor campaigns for international teams and track their effectiveness.
  5. Design and maintain IT risk frameworks, and prepare clear reporting on audit status, control effectiveness, and compliance activities for internal stakeholders and leadership.
  6. Ensure all documentation, evidence, and review records are clear, auditable, and accessible for internal reviews or external assessments.

About you:

  1. Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field.
  2. 5+ years of experience in IT GRC, information security, or IT audit roles—preferably within Big4 consulting firms.
  3. Proven experience in IT GRC, information security, or IT audit roles—preferably within the financial services, fintech, or banking industries.
  4. Strong understanding of industry-recognized security frameworks (e.g., ISO 27001, NIST, PCI DSS, COBIT) and relevant regulatory requirements (e.g., local regulations, GDPR).
  5. Hands-on experience in coordinating and responding to audits, including internal audits, external assessments, and regulatory reviews.
  6. Excellent English communication, interpersonal, and organizational skills, with the ability to engage effectively with both technical and non-technical stakeholders.
  7. Self-motivated, detail-oriented, and able to manage multiple priorities with minimal supervision.
  8. Prior experience working in a Big Four consulting or audit firm, especially in roles involving IT audit, risk, or compliance.
  9. Adept at acting as an internal consultant to cross-functional teams, providing expert guidance on IT GRC and security-related matters.
