- Contribute to the development and maintenance of IT and information security policies and procedures in accordance with industry standards and applicable regulations.
- Periodically facilitate IT and information security awareness.
- Monitor and assess the organization's compliance with policies, standards, and relevant IT and information security regulations.
- Conduct regular compliance audits.
- Provide support to Internal and External Auditors regarding the implementation and certification of ISO 27001.
- Assist Internal and External Auditors and Compliance team in meeting regulatory and audit requirements.
- Participate in the identification, assessment, and monitoring of IT and information security risks.
- Support the development and maintenance of the risk register.
- Collaborate with the IT and information security team, as well as various business units, to ensure compliance and effectively mitigate risks.
- Bachelor's degree in Information Technology, Information Security, or a related field.
- Good understanding of GRC concepts and principles of information security.
- Basic knowledge of IT risk and information security regulations such as "Peraturan OJK Manajemen Risiko TI" for non-bank financial services institutions, or ISO 27001.
- Familiarity with information technology and security, including knowledge of security controls.
- Strong analytical and problem-solving skills.
- Excellent communication skills, both verbal and written.
- Ability to compile clear and concise reports.
- Quick learner and adaptable to changes in technology and regulations.
- Additional certifications such as COBIT, ITIL, ISO 27001, CISA, or similar would be a plus.
- Effective team player, able to collaborate with various stakeholders in the organization.