Job description for IT Governance, Risk & Compliance Specialist at DANA Indonesia
JOB DESCRIPTION
The role of Governance, Risk & Compliance Specialist is to assist Head of GRC for comprehensive security governance, risk, and control throughout the enterprise.
Develop, socialize, enforce, and evaluate security controls towards Confidentiality, Integrity, and Availability and relevant security standards and best practice (e.g. ISO, NIST, PCI-DSS, CIS)
Develop and implement security awareness session through workshops and campaigns.
Assist preparation and evidence collections related to security best practices and standards (ISO 27001, PCI-DSS, NIST)
Develop relevant policies, procedures, standards, guidelines, and forms related to the security control implementation by considering agility, simplicity, and performance
Coordinate with red team to perform regular and continuous social engineering exercises and campaign to improve user awareness.
Coordinate with blue team to perform security compliance review, detect and escalate if security anomaly found, and perform continuous improvement toward critical controls.
As a focal point for external party audit activity and suggest supporting functions and control needed.
JOB REQUIREMENTS
§ BSc degree Computer Science/Cyber Security (or related field).
§ Have minimum 3 years working experience of security engineer, specifically in Governance, Risk & Compliance field.
§ Familiar with risk management framework and its implementation, security vulnerability theory, security policy and regulation
§ Strong written and verbal communication skills in English and Bahasa Indonesia
1)Minimum Requirements (must-have skills, experience or exposure):
§ Information security experience in projects and/or small companies with minimum 3 years
§ Lead multi parties and multi-level counterparts for security certification and compliance.
§ Experience to perform thorough assessment, audit, and recommendation.
2) Core competencies:
§ Leadership
§ Communication
§ Influencing
§ Problem solving
§ Risk management
3) Good to have skills:
§ Audit and consulting (e.g. CISA certified)
§ Business acumen

