Information Security Manager (GRC)
RecruicityFull-timeSouth Jakarta, South Jakarta City, Jakarta, Indonesia
Responsibilities:
- Understand and Involve with business teams to address the information security issues
- Information security awareness initiative and training to all staffs on a periodic basis
- Performing vendor security assessment and privacy security assessment
- Handling Information Security Incident Management
- Manage and Support the Personal Data Privacy requirements across different regions.
- Manage day-to-day activities, including policies, procedures, training and communication to business leaders in regards to the Information Security activities.
- In conjunction with Legal and Compliance identify information management and protection laws and regulations and implement actions to ensure compliance.
- Identify, track and oversee internal and external compliance and regulatory requirements (PCI, GDPR, Data Privacy, etc.) for the organization including compliance with established policies, procedures, standards, baselines and controls.
- Establish and manage the organization's wide information security awareness programs.
- Support the business project teams with Information security requirements at each stage.
- (In future after pandemic) There would be 30% travel required to ASEAN countries.
Qualifications:
- Minimum of 6 years of experience in Information Security governance and compliance.
- Good knowledge of information risk assessment and compliance needs.
- Good understanding of information security governance frameworks such as NIST, ISO27001, and COBIT.
- Working knowledge of applicable laws, regulations, and standards relating to security and data privacy
- BS or MS degree in Computer Science or related IT degree.
- Excellent communication skills.
- Ability to multi-task and prioritize work effectively.
- Highly self-motivated and self-starter with ability to work independently or with a team.
- Strong sense of ownership and driven to manage tasks/projects to completion.
- Security certifications preferred (e.g. CISM, CISSP, CDPSE, CIPP, CIPM CIPT or equivalent)