IT Security & GRC (Lead/Manager)

Cermati.com

Daerah Khusus Ibukota Jakarta

On-site

IDR 200.000.000 - 300.000.000

Full time

30+ days ago

Job summary

Join a dynamic fintech startup in Indonesia that is transforming the financial landscape. This role focuses on developing and maintaining IT governance and compliance policies, ensuring adherence to internal and external regulations. The company fosters a culture of transparency and meritocracy, drawing talent from prestigious tech firms and universities. You will play a critical role in safeguarding information assets and enhancing the organization's IT governance framework. If you have a passion for information security and a drive to make an impact, this opportunity is for you.

Qualifications

  • Minimum 3 years in Information Security or IT GRC in financial services.
  • Experience with ISO 27001 and PCI-DSS standards implementation.

Responsibilities

  • Develop and maintain IT policies and procedures per regulations.
  • Coordinate with Compliance for risk assessments and mitigation.

Skills

Information Security
IT Governance
Risk Management
Compliance
Communication Skills

Education

Bachelor's Degree in IT or related field

Tools

ISO 27001
PCI DSS

Job description

Company Description

Cermati is a financial technology (fintech) startup based in Indonesia. Cermati simplifies the process of finding and applying for financial products by bringing everything online so people can shop around for financial products online and apply online without having to physically visit a bank.

Our team hails from Silicon Valley tech companies such as Google, Microsoft, LinkedIn, and SoFi, as well as Indonesian startups such as Doku and Touchten. We have graduates from well-known universities such as Universitas Indonesia, ITB, Stanford, University of Washington, Cornell, and many others. We are building a company with the same culture of openness, transparency, drive, and meritocracy as Silicon Valley companies. Join us in our cause to build a world-class fintech company in Indonesia.

Job Description

  • Develop and maintain IT policies, standards, and procedures according to applicable internal and external requirements, including the applicable regulations in Indonesia (POJK, PBI).
  • Coordinate with the Compliance team to perform gap assessments and recommend appropriate measures to mitigate risks.
  • Ensure that every initiative, development, and collaboration complies with the standards and regulations (internal and external).
  • Develop and implement role-based access control (RBAC) and least-privilege access management.
  • Assess the effectiveness of IT controls, policies, and procedures in place to safeguard information assets, ensure data integrity, and maintain system availability.
  • Coordinate with related IT work units to follow up on data requests and the implementation of audit recommendations (internal audit, external audit, and regulator).
  • Continuously update and implement the internal control framework, policies, and procedures to strengthen the organization's IT governance according to IT General Control, IT Application Control, ISO 27001, PCI DSS, and other industry best practices.
  • Communicate IT policies, procedures, guidelines, and standards and regularly raise awareness so that they are implemented in day-to-day operations.

Qualifications

  • A minimum of 3 years of experience in Information Security, IT Governance, Risk, and Compliance (IT GRC), or IT Audit in banking or the financial services industry.
  • Experience in developing and maintaining IT and/or information security policies and procedures.
  • Demonstrated good communication and writing skills.
  • Proven experience in implementing and/or auditing ISO 27001 and PCI-DSS standards.
  • Good understanding of the applicable regulatory requirements (such as OJK, BI, and Kemkominfo) and how they impact IT policies.
  • One or more of the following or equivalent certifications preferred: CISA, CRISC, CISSP.