Jakarta, Indonesia

Full-Time

Develop and maintain IT policies, standards, and procedures according to applicable internal and external requirements, including the applicable regulations in Indonesia (POJK, PBI)
Coordinate with the Compliance team to perform gap assessment. Recommend appropriate measures to mitigate risks.
Ensure that every initiative, development, and collaboration complies with the standards and regulations (internal and external)
Develop and implement the RBAC and least privilege of access management
Assess the effectiveness of IT controls, policies, and procedures in place to safeguard information assets, ensure data integrity, and maintain system availability
Coordinate with the related IT work units to follow up on data requests and the implementation of audit recommendations (internal audit, external audit, and regulator)
Continuously update and implement the internal control framework, policies, and procedures to strengthen the organization's IT governance according to IT General Control, IT Application control, ISO 27001, PCI DSS, and other industry best practices
Socialization and regular awareness to ensure IT policy, procedures, guidelines, and standards are implemented in the day-to-day operations

A minimum of 3 years of experience as Information Security, IT Governance, Risk, and Compliance (IT GRC), or IT Auditor in banking or the financial service industry
Experience in developing and maintaining IT and/or information security policies and procedures
Demonstrate good communication and writing skills
Proven experience in implementing and/or auditing ISO 27001 and PCI-DSS standards
Good understanding of the applicable regulatory requirements (such as OJK, BI, and Kemkominfo) and how they impact IT policies
One or more of the following or equivalent certifications preferred: CISA, CRISC, CISSP

Cermati.com is hiring an

IT Security & GRC (Lead/Manager)