- Coordinates the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with local regulations and standards.
- Proactively identifies and mitigates IT risks, responds to observations identified by third-party auditors or examiners, and assists in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.
- Conduct audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory and standard requirements through proactive planning and communication, ownership, and relationships.
- Broaden and deepen knowledge of the business and environment of IT with respect to the delivery of projects, strategic initiatives, systems, and portfolios to effectively assist IT staff with risk and compliance management.
- Receives allegations of security incidents and conducts complex investigations; prepares written findings, recommendations and follow-up evaluation; and analyses patterns and trends.
- Implement and maintain security control tools.
- Perform a vulnerability test on the local environment (using tools)
- Conduct counteractive protocols and report incidents. Offer customized risk ratings for vulnerabilities based on company policies and maintain IT security controls documentation.
- Develop custom systems for specialized security features and procedures for software systems, networks, data centers, and hardware (working closely with Senior IT Infrastructure)
- Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as COBIT, ISO, NIST, and ITIL.
- General knowledge of information security regulatory requirements and standards such as ISO 27001/2, SANS Top 20 and NIST 800-53.
- Experience in risk, compliance, and information security policy development.
- Experience in the cyber security areas of SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing).
- Experience in handling the OJK audit process.
- Bachelor's degree in computer science, information technology, or a related field.
- 5+ years of experience in the IT Security area.