Security Governance, Risk, and Compliance Specialist

Opening Date: 11 Apr 2023

About the Role

The Security GRC team is responsible for laying the foundations of security across Governance, Risk and Compliance (GRC) to protect Superbank’s infrastructure, applications and data.

This position will report to the Head of Information Security and work closely with the Tech team, Compliance and Risk teams and other Information Security sub-teams.

Although the key focus of the role is the maintenance of the Information Security Management System (ISMS) aligned to ISO 27001, you will also help develop a Control Assurance function to advise on and monitor information security risks, control failings and Bank regulatory alignment (POJK, SEOJK, PBI, UU PDP, etc.).

Work Responsibilities

  • Implement and maintain the ISMS Program to ensure information security governance and compliance for Bank Fama. This includes creating new or leading the maintenance of existing security and privacy policies, procedures, standards, and specifications to ensure they are updated and appropriately aligned with applicable laws, regulations, and the evolution of security risks.
  • Collaborate with other relevant departments to ensure alignment and compliance of policies, standards, and specifications across the enterprise. This includes managing the information security exception process, from assessment and tracking through follow-up and the provision of alternative mitigating action items.
  • Work closely with the Head of Information Security to ensure key information security risks and issues are identified, addressed and resolved in a timely manner.
  • Implement and maintain the information security risk management processes. This includes the assessment of information security risk across departments, systems, services, and third parties.
  • Lead and track the progress of the information security risk treatment plan and ensure that all updates are documented in the risk register.
  • Coordinate periodic security testing (e.g. penetration testing) and prioritize and manage response activities.
  • Conduct information security awareness and compliance training programs.
  • Assist with updating the Third Party Risk Management framework including policy, procedures, due diligence questionnaires and the monitoring of third parties’ adherence to information security and data privacy obligations.
  • Develop relevant metrics, analyze data, identify trends and help drive improvements to the control environment.
  • Assist the Head of Information Security with GRC and general information security issues as required, including interaction with other Information Security sub-teams, Technology teams and business leaders.

Job Requirements

  • At least five (3) years of experience in an IT or information security related field, preferably in Governance, Risk, and Compliance.
  • Strong knowledge and skills in developing and implementing enterprise governance, risk, and compliance strategy and solutions.
  • Preferably experienced in working with IT or information security frameworks such as ISO 27001, NIST CSF, CIS CSC, and PCI DSS.
  • Proven experience with risk management, managing multiple projects, policy development and third party risk assessment is a plus.
  • Human relations skills to interface with employees at all levels within the organization to manage risk in concert with the business needs that drive the company forward.
  • Should have a security mindset and agile approach towards solving issues.
  • Critical thinking and problem-solving abilities.
  • Good communication skills, proactiveness, eagerness to learn and flexibility.
  • Flexible, with the ability to cope under pressure and switch between different tasks.
  • Team player with the ability to proactively collaborate with cross-functional teams.

Leadership Competency

Individual Contributor

Title: Security Governance, Risk, and Compliance Specialist
Dept: Technology

Status: Full-time