IT Senior Security Officer

Develop, define, and implement comprehensive and up-to-date information security policies, procedures, and standards.

Manage and monitor end‑to‑end system security covering networks, servers, applications, databases, APIs, and cloud services to minimize cyber risks.

Conduct cyber threat monitoring, vulnerability assessments, penetration testing, and regular security testing.

Lead security incident response activities, including investigation, remediation, incident documentation, and continuous improvement recommendations.

Identify, analyze, and mitigate information security risks through a proactive and risk‑based approach.

Collaborate with IT, Engineering, DevOps teams, and third‑party vendors to ensure secure system architecture (secure by design).

Support compliance with international information security standards such as ISO/IEC 27001 and industry frameworks including NIST and OWASP, through implementation and periodic internal audits.

Actively participate in preparation for and response to internal and external audits, including compliance with Indonesian regulations related to Digital Financial Asset Trading Providers.

Develop and deliver security awareness training programs to strengthen a strong security culture across the organization.

Prepare periodic security reports and present strategic findings and recommendations to senior management.

• Minimum Bachelor’s Degree (S1) in Information Technology, Information Systems, Cyber Security, or other relevant fields.
• Minimum 5 years of experience in information security or system security, with at least 2 years in a senior or leadership role.
• Willing to work on‑call or on standby as required to support operational and security needs.
• Strong and in‑depth knowledge of network security, application security, cloud security (e.g., AWS, Huawei Cloud, GCP, Azure, etc.), and data protection.
• Proven expertise in incident response, vulnerability management, and security monitoring.
• Hands‑on experience in designing and implementing security controls, including encryption, Multi‑Factor Authentication (MFA), SIEM, and Data Loss Prevention (DLP).
• Familiar with security frameworks and standards such as ISO 27001, NIST, OWASP, PCI DSS (if applicable), and best practices within the crypto industry.
• Experience conducting risk assessments, secure code reviews, and penetration testing.
• Good understanding of the implementation and importance of audit trails in operational systems.

IP‑TRIBE PRIVATE LIMITED, Jakarta, ID.