About the Role
We are seeking a highly skilled and experienced Information Security Governance professional to strengthen and mature our organization’s IT security governance posture. In this role, you will be responsible for building, managing, and continuously improving our IT security governance, ensuring strong alignment between information assets, business processes, technology development, and overall business strategy. You will play a critical role in ensuring that security controls, security governance, and security risk management align with applicable standards, frameworks, and regulations. This role requires a structured, detail-oriented, and collaborative professional with strong IT security knowledge and a passion for building sustainable governance practices.
What you’ll do
- IT Governance & Policy Development: Establish, manage, and operate the Information Security Management System (ISMS) in accordance with ISO 27001, including governance over information security and personal data protection (PDP).
- Develop, implement, and continuously maintain security and data protection policies, standards, and procedures aligned with business objectives and industry best practices.
- Regulatory & Standards Compliance: Ensure compliance with applicable information security and personal data protection regulations, including the PDP Law (UU PDP), and international standards such as ISO 27001, PCI DSS, and NIST. Identify and manage security and privacy-related regulatory obligations, coordinate the preparation of compliance documentation, and ensure security and data protection controls meet regulatory and audit expectations.
- SDLC & Product Governance: Govern the implementation of Security by Design and Privacy by Design principles across the system and product development lifecycle. Ensure information security and personal data protection requirements are defined, reviewed, and validated throughout ideation, development, deployment, and operations, in alignment with ISO 27001 and PDP requirements.
- Audit Management: Act as the primary owner for information security, ISMS, and data protection audits. Plan and coordinate internal and external audits, manage audit evidence, respond to audit inquiries, track findings, and ensure corrective actions and continual improvement activities are executed and documented in accordance with ISO 27001 and PDP obligations.
- Third-Party Risk Management (TPRM): Govern third-party risk management initiatives by assessing and managing risks associated with vendors, partners, and other third parties integrated with company systems.
- Incident Response, DRP & BCP Governance: Collaborate with technical and operational teams to ensure effective incident response governance, including Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) readiness and testing.
- Security & Compliance Awareness: Promote a strong security and compliance culture across the organization through training programs, awareness initiatives, and continuous education.
What you’ll need
- Education: Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field. Relevant certifications such as ISO 27001 Lead Auditor, CISA, GRCP, and GRCA are highly desirable.
- Experience & Expertise: Proven experience in developing and executing IT governance frameworks, policies, and compliance programs in a practical, hands-on environment. Strong understanding of IT regulatory compliance and risk assessment principles.
- Regulatory & Risk Knowledge: Solid knowledge of information security standards, regulatory requirements, and governance frameworks. Banking or financial services industry experience is a strong advantage.
- Analytical & Monitoring Skills: Excellent analytical skills to assess IT risks, monitor governance effectiveness, and identify trends or gaps in compliance and controls.
- Communication & Collaboration: Strong communication and stakeholder management skills, with the ability to collaborate effectively across technical, business, and leadership teams.
- IT Management & Security Best Practices: Deep understanding of IT management best practices, information security controls, and risk mitigation strategies.