The Role
The IAM Engineer will manage identity anchoring, automate access workflows, oversee permission management, and ensure data governance across corporate assets.
Summary Generated by Built In
As a Senior GRC, you will act as a strategic advisor to executive and technology leadership, translating complex legal and regulatory requirements into tangible security controls. You will design the enterprise control framework, drive third-party risk management, and spearhead compliance for frameworks like SOC 2, ISO 27001, and NIST.
Key Responsibilities
- Strategy & Governance: Lead the development, maintenance, and enforcement of corporate security policies, standards, and control frameworks across the organization.
- Risk Management: Perform comprehensive enterprise risk assessments, maintain risk registers, track remediation roadmaps, and clearly report cyber risk posture to leadership. Perform IT risk assessments, maintain the local risk register, and report cyber risk postures directly to regional leadership.
- Regulatory Compliance & Audit: Ensure alignment with Indonesian data privacy laws (UU PDP), OJK regulations (e.g., SEOJK 29), and Kominfo requirements. Act as the primary liaison for external auditors, Bank Indonesia, OJK, and other local regulatory bodies during audits. Oversee end-to-end compliance efforts (e.g., PCI-DSS, SOC 2, GDPR), coordinate with external auditors, and manage audit readiness.
- Vendor Risk Management: Evaluate third-party risks during vendor onboarding, assess supply chain security vulnerabilities, and ensure compliance with corporate security policies and standards.
- Stakeholder Enablement: Collaborate closely with legal, engineering, and product teams to integrate security into development pipelines and daily operations.
- IAM/PAM Governance & Lifecycle: Define and enforce identity governance policies, including user provisioning, Role-Based Access Control (RBAC), Least Privilege principles, and Segregation of Duties (SoD) matrices. Govern access controls for high-risk users and administrative accounts, ensuring alignment with security best practices and compliance logs.
Requirements
- Experience: 8+ years in cybersecurity, IT risk management, or information security, with deep experience navigating the Indonesian regulatory environment, and at least 3-4 years in a senior or lead capacity.
- Framework Fluency: Deep, hands-on experience implementing frameworks such as ISO/IEC 27001, NIST CSF, COBIT, and CIS benchmarks.
- Certifications: Relevant industry certifications such as CISSP, CISA, or CRISC are highly preferred.
- Communication: Exceptional ability to translate complex technical jargon into actionable business terms for executives.
Benefits
Join us as we make magic happen to increase Indonesia’s financial inclusion!
Skills Required
- 2+ years of experience in IAM/IDM
- Expertise in JumpCloud and Google Workspace administration
- Deep understanding of SSO, SAML, OIDC, and SCIM provisioning
- Experience regulating central access for high-turnover environments
- Ability to manage repository permissions and automate IAM
The Company