IT Security Engineer (Cybersecurity)

Develop and manage an effective security incident response program, including detection, analysis, containment, eradication, recovery, and incident reporting.

Develop and implement information security strategies, policies, procedures, and standards aligned with the company’s business objectives, regulatory compliance (particularly the Personal Data Protection Law), and industry standards (ISO/IEC 27001, NIST CSF, SNI ISO/IEC 27032, SNI IEC 62443).

Conduct regular information security risk assessments to identify vulnerabilities and threats across both on-premise and cloud infrastructures.

Lead and manage the IT Security team, including recruitment, training, and professional development.

Ensure the security of client-accessed applications and vendor API integrations, including the implementation of a Secure Software Development Lifecycle (SSDLC), application security testing, and protection against common attacks (e.g., OWASP Top 10).

Ensure compliance with the Personal Data Protection Law, including the management of data subject rights, personal data transfers, and, if necessary, collaborating with or acting as the Data Protection Officer (DPO).

Perform internal and external security audits, and manage relationships with auditors and regulators.

Prepare and manage the IT security budget as well as oversee security vendors.

Stay updated on the latest trends in cyber threats, security technologies, and regulatory requirements.

Minimum of 3–5 years of professional experience in information security, with at least 1–2 years in a leadership role.

Hands-on experience securing hybrid infrastructures, including both on-premise and multi-cloud environments (experience with Tencent Cloud, Alibaba Cloud, and Zetta Grid is highly preferred).

Proven expertise in risk management, vulnerability assessment, penetration testing, and security incident response.

Strong understanding and practical experience in compliance with data security regulations (especially Indonesia’s Personal Data Protection Law) and industry standards (ISO/IEC 27001, NIST Cybersecurity Framework).

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.

Professional certifications are highly preferred, such as:

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Cloud Security Professional (CCSP)
• Certified Ethical Hacker (CEH)
• GIAC Security Leadership Certification (GSLC)