This mid-level role is key to developing and maintaining our information security policies, standards, and controls. You will align our security posture with industry best practices and regulatory requirements, bridging the gap between technical teams and business strategy. A strong technical background and a passion for clear security governance are essential.
- Develop, review, and manage security policies, standards, and procedures in line with frameworks like ISO 27001, NIST CSF, and CIS Controls.
- Assess technical and operational controls, conduct gap analyses, and help manage the information security risk register.
- Serve as a key contact for internal and external audits, preparing evidence and tracking remediation of findings.
- Assist in creating security awareness materials and provide governance advice for new technologies and projects.
- Participate in the security assessment of third-party vendors.
- Develop and maintain dashboards to report on GRC initiatives, compliance, and risk levels to leadership.
- Minimum 3-5 years in information security, IT risk, or a similar role.
- Bachelor’s degree in a relevant field (Computer Science, Cybersecurity).
- Certifications such as CISA, CRISC, CISSP, or Security+ are a plus.
- Proven experience with security frameworks (ISO 27001, NIST CSF, CIS Controls).
- Solid understanding of core security domains (IAM, network security, vulnerability management).
- Familiar with cloud security (AWS, Azure, GCP).
- Able to analyze vulnerability reports and system logs.
- Excellent ability to write clear technical policies and communicate effectively in English and Bahasa Indonesia with both technical and business stakeholders.
- Strong problem-solving skills with high attention to detail.