We are looking for a member of the Governance, Risk, and Compliance Team. You will be responsible for defining, measuring, assessing and aligning with the ISO 27001 framework and other regulatory compliance legislation through maintenance and publication of the Information Security Policy and Guiding Standards, coordination of security training and awareness, and policy enforcement.
The purpose of this position is to ensure compliance with FinAccel’s internal controls, regulatory requirements, and information security policies and procedures. It also provides highly skilled technical and information security expertise for the development and implementation of the information security risk management program.
- Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
- Internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the company information and technology systems.
- Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Own and run all aspects of the Security Awareness Program.
- Review contracts with potential technology providers to ensure negotiated agreements include critical Information Assurance terms and conditions.
- Provide ongoing metrics and reporting on security resource consumption at all levels of the organization.
- Execute strategy for dealing with the increasing number of audits, compliance checks, and external assessment processes for internal/external auditors, such as ISO 27001, ITGC, OJK Regulations, etc.
- Work with Internal Audit, External Audit and outside consultants as appropriate on required security assessments and audits.
- Coordinate and track all information technology and security-related audits including the scope of audits, timelines, auditing agencies, and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance and evaluation on audit responses.
- 2-3 years of advanced IT skills with a high level of information security experience and expertise.
- Bachelor’s or master’s degree in computer science, information systems, business administration or a related field, or equivalent work experience.
- Knowledge of information technology system and processes, network infrastructure, data architecture, data processes, protocols and incident response management.
- Understanding of applicable information security management frameworks, governance and compliance principles, practices, laws, rules and regulations relating to technology and financial environments (e.g., OJK Regulation, ISO 27001, ITGC).
- Ability to develop and implement enterprise governance, risk and compliance strategy and solutions.
- Able to develop and establish security standards and guidelines based on best practices and industry standards.
- Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and the auditing process.
- 1-2 years of planning and managing security projects.
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
- Skills in maintaining confidentiality, documenting risk and compliance activities.
- Information security-related training or certifications such as ISO 27001 Auditor, CISSP, or CRISC.
- Experience performing information system audits or risk assessments.
- Familiarity with risk management methodology, information system auditing, monitoring, and controlling.