IT Security Lead - Security GRC (Technology)
Tokopedia
- South Jakarta, Indonesia: Tokopedia Tower, Jl. Prof Dr. Satrio Street Kav. 11, 52nd Floor, Kelurahan Karet Semanggi, Kecamatan Setiabudi, RT.3/RW.3, 12940, South Jakarta, DKI Jakarta, Indonesia
- Full time
Job closed.
Job Description
- Lead a team in developing the GRC operating model and a service-oriented customer engagement model.
- Operationalize various GRC capability areas such as enterprise security risk management, compliance management, policy management, security awareness training, third party risk management, and metrics and reporting.
- Lead the operationalization of IT security controls assurance programs to support various compliance regulations.
- Perform IT risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business.
- Work with various operational and business teams to drive toward a cohesive view of IT security risk and drive remediation items to closure.
- Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders.
- Monitor the IT security risk profiles of our service providers to objectively determine high risk service providers that require additional review.
- Responsible for the planning, scoping and execution of these assessments.
- People management responsibilities, including mentoring, teaching hard and soft skills, and managing team members' career paths.
- Nurture and manage the team members to achieve team goals.
- Suggest ideas for improving IT security policies at Tokopedia.
- Review security reports and analyses and draw conclusions from them to support managerial decision making.
- Manage the team to ensure timely provisioning.
Minimum Qualifications
- Bachelor's Degree in computer science or other related field.
- Candidate must have 7+ years working in governance, risk and compliance and/or information security and risk management.
- Minimum 3 years in a managerial position.
- Functional knowledge of the CISSP security domains and information security industry standards and best practices.
- Functional knowledge of applicable security regulatory requirements (SOX, GDPR).
- Functional knowledge of ISMS governance models (e.g., ISO, NIST), information security roles, IT security controls.
- Functional knowledge of common security certifications (e.g., ISO 27000 series, SOC1, SOC2, PCI DSS) and ability to glean significance from findings identified in these reports.
- Ability to communicate risk methodologies and concepts to the business unit and IT.
- Experience with developing security reporting and recommendations that are meaningful, defensible, and actionable for a variety of audiences.
- Demonstrated experience with controls definition, development, implementation and assessment.
- Strong Project Management Skills.
Jobs Summary
- Job Level: Mid-Senior Level / Manager
- Job Category: IT and Software
- Educational Requirement: Bachelor's degree graduate
- Recruiter response to application: Always
- Office Address: South Jakarta, DKI Jakarta, Indonesia
About Tokopedia
Tokopedia is an Indonesian technology company with a mission to democratize commerce through technology. We are the leading marketplace in Indonesia; we encourage millions of merchants and consumers to participate in the future of commerce.
Our vision is to build an ecosystem where everyone can start and discover anything with ease.
We hold to three principles that drive us forward. We call them our DNA, the traits that embody who we are as Tokopedia Nakama: Focus on Consumer, Growth Mindset, and Make it Happen, Make it Better.