Senior IT GRC Analyst

About the Role

This role involves designing, developing, implementing, and maintaining risk-based IT policies to govern IT usage effectively at GoTo Financial (GTF). It encompasses exposure to financial products and services, including payments, lending, and digital ecosystem services. The role requires monitoring and assisting in the implementation of these policies, ensuring that required controls are effectively achieving their intended objectives. Additionally, the role will be actively involved in obtaining and maintaining certifications such as ISO 27001, ISO 27701, PCI DSS, PSrE, and navigating regulatory audits.

What You Will Do

• Develop and maintaining IT policies, standards and procedures according to applicable internal and external requirements, including the applicable regulations in Indonesia an other countries where GTF operate;
• Develop and maintain compliance, governance and risk-related IT and business process flow;
• Coordinating with compliance team to ensure that every initiative, development and collaboration are comply with the standards and regulations (internal and external);
• Conduct routine evaluation of policies and procedures implementation and ensure best practice risk mitigation and assessment functions are maintained to comply with the company's strategy;
• Coordinate with related IT work units to follow up on data requests and internal audit findings, external audits and regulators;
• Develop the process and conduct the activities to safekeep or archive of every IT development document in a regular basis;
• Implementing a good governance organization using the ISO27001, ISO 27701, PCI DSS & PSrE framework and other relevant Technology & Security best practices;
• Develop and implement the RBAC and least privilege of access management in the GTF technology stack
• Act as a Subject Matter Expert to the stakeholders and provide relevant & applicable consultation for addressing the IT GRC requirement in lending product & services. 

What You Will Need

• A minimum of 5 years experiences as Information Security, IT Governance, Risk and Compliance (IT GRC) or IT Auditors;
• Demonstrate excellent communication and writing skills and proficient with English written and spoken
• Experienced in developing and maintaining IT and/or information security policies and procedures;
• Excellent knowledge in developing risk management and IT framework, BIA, BCP and BCM Framework
• Experienced in report document development and delivery;
• Experienced in dealing with regulatory audit to represent the organization IT GRC operations;
• Having good knowledge with local and regional payment & lending regulatory requirements and how they impact IT policies (having experience is preferred);
• Having excellent experience with ISO 27001, ITIL. COBIT, and PCI-DSS standards;
• One or more of the following or equivalent certifications preferred: CISA, CRISC, ITIL, COBIT is preferred

About the Team

The individual in this role will be a key member of the GTF IT Governance, Risk, and Compliance (IT GRC) team, which is part of the broader GTF Compliance team. They will report directly to the GTF Head of IT GRC. The role requires close collaboration with various departments, including Regulatory and Compliance, Engineering, Legal, People & Partner, and other relevant stakeholders. This cross-functional interaction ensures that IT governance, risk management, and compliance strategies are aligned with the organization's overall objectives.

About GoTo Group

GoTo Group is the largest digital ecosystem in Indonesia with its mission to “Empower Progress’ by offering technological infrastructure and solutions for everyone to access and thrive in the digital economy. The GoTo ecosystem consists of on-demand transportation services, food and grocery delivery, logistics and fulfillment, as well as financial and payment services through the Gojek and GoTo Financial platforms.It is the first platform in Southeast Asia that hosts these crucial cases in a single ecosystem, capturing the majority of Indonesia’s vast consumer household.

About Gojek 

Gojek is Southeast Asia’s leading on-demand platform and pioneer of the multi-service ecosystem with over 2.5 million driver partners across the regions offering a wide range of services such as transportation, food delivery, logistics and more. With its mission to create impact at scale, Gojek is committed to resolving consumer problems and raising standards of living by connecting consumers to the best providers of goods and services in the market.

About GoTo Financial

GoTo Financial accelerates financial inclusion through its leading financial services and merchants solutions. Its consumer services include GoPay and GoPayLater and serve businesses of all sizes through Midtrans, Moka, GoBiz Plus, GoBiz, and Selly. With its trusted and inclusive ecosystem of products, GoTo Financial is open to new growth opportunities and aims to empower everyone to Make It Happen, Make It Together, Make It Last.

GoTo and its business units, including Gojek and GoToFinancial ("GoTo") only post job opportunities on our official channels on our respective company websites and on LinkedIn. GoTo is not liable for any job postings or job offers that did not originate from us. You should conduct your own due diligence to prevent being victims of any fake job scams, if they did not originate from GoTo's official recruitment channels.