Develop and manage an effective security incident response program, including detection, analysis, containment, eradication, recovery, and incident reporting. Develop and implement information security strategies, policies, procedures, and standards aligned with the company’s business objectives, regulatory compliance (particularly the Personal Data Protection Law), and industry standards (ISO/IEC 27001, NIST CSF, SNI ISO/IEC 27032, SNI IEC 62443). Conduct regular information security risk assessments to identify vulnerabilities and threats across both on-premise and cloud infrastructures. Lead and manage the IT Security team, including recruitment, training, and professional development. Ensure the security of client-accessed applications and vendor API integrations, including the implementation of a Secure Software Development Lifecycle (SSDLC), application security testing, and protection against common attacks (e.g., OWASP Top 10). Ensure compliance with the Personal Data Protection Law, including the management of data subject rights, personal data transfers, and, if necessary, collaborating with or acting as the Data Protection Officer (DPO). Perform internal and external security audits, and manage relationships with auditors and regulators. Prepare and manage the IT security budget as well as oversee security vendors. Stay updated on the latest trends in cyber threats, security technologies, and regulatory requirements.

Jakarta Selatan