IT Risk and Compliance Specialist
About this position
Responsibilities
• Manage IT risk and vulnerability analysis for various IT systems and processes, and perform periodic IT risk reviews to validate that the security posture satisfies Information Security and facility security requirements.
• Implement information security strategy and risk management
• Conduct regular Risk Control Self Assessment (Matrix and Review)
• Conduct IT risk assessments, and implement and execute risk management processes from identification, assessment, and decision through monitoring and reporting
• Identify IT risks and controls necessary to remediate identified risks and vulnerabilities; ensure that remediation is done effectively
• Coordinate engagements with regulators, including periodic reporting, preparation of presentations and written deliverables of regulatory requirements
• Maintain industry knowledge and skills in the areas of compliance, audit, and risk management, and apply them to improve internal processes and practices
• Resolve issues and mitigate risks, escalating issues/risks when appropriate
• Facilitate assessments performed by external Qualified Security Assessors
• Create, maintain, and update all IT policies and procedures to be in line with well-known international standards (e.g. ISO27001, NIST).
Requirements
• Minimum bachelor's degree (or equivalent) in Computer Science, Information Systems, or related field
• Have 5+ years of experience in IT governance, risk management, compliance, or audit role(s)
• Have a strong technical knowledge of information security principles and risk management practices
• Have a broad understanding of information security policies and standards, as well as regulatory and compliance frameworks (e.g. ISO27001, PCI-DSS, GR & POJK)
• Have strong oral and written communication skills; proficient in English; good at building and maintaining relationships with others
• Experience working with Internal Audit, Risk Management, and Legal & Compliance functions
• Knowledge of, or experience working with, Cloud technologies/environments is a plus
• Certification in the IT security risk area (e.g. CISA, CISM, CRISC, CISSP, CompTIA Security+, or similar certifications) would be an added advantage.