Job Description
In this role, you will be responsible for executing technical risk assessments and validating security controls, contributing to the protection of the bank's systems, data, and infrastructure from cyber threats, technology failures, and operational risks. You will assess the effectiveness of operational activities, validate controls, and ensure that technical risks are managed within the Bank’s risk appetite, in compliance with digital banking regulations, and in alignment with the bank's business strategy.
About The Role:
Conduct detailed risk assessments of IT products, infrastructure, and processes, ensuring alignment with regulatory requirements (OJK and BI) and industry best practices (ISO 27001, NIST, COBIT, CIS, etc.), to maintain the integrity of the bank's risk framework.
Analyze architectures and configurations to identify risks and propose actionable Risk Treatment Plans (RTP) to mitigate them.
Validate and test controls to verify they are operating effectively and mitigating risks as designed.
Assess the security impact of new banking products and technology initiatives to ensure potential security exposures are identified and understood before deployment.
Monitor and track the progress of open Risk Treatment Plans (RTPs) and ensure that remediation adheres to agreed timelines and quality standards.
Translate technical findings into objective risk reports that facilitate the alignment of technology risk strategy with broader business objectives.
Coordinate with the IT and Information Security team during incident management, disaster recovery, or risk event discovery to validate root cause analysis and ensure future prevention strategies are sound.
Collaborate with implementation teams to ensure proper and adequate controls are implemented within new projects, changes, or initiatives.
About You:
Bachelor’s degree in Computer Science, Engineering, Information Systems, or a related technical discipline.
Minimum 2–4 years of hands-on experience in a technical role such as Security Engineering, Network Engineering, or System Administration; prior experience in a Blue Team is highly recommended.
Ability to understand underlying technologies to identify where they might fail or be exploited.
Demonstrated assertiveness and confidence to challenge implementation teams on their progress and ensure risk treatments are completed on time.
Strong written and verbal communication skills to articulate technical risks to non-technical stakeholders.
A strong growth mindset with a demonstrated willingness to learn new risk frameworks, banking regulations, and emerging technologies.
Professional certifications in practical security domains (e.g. Security+, CEH, etc.) are a plus.
Ready to Apply?
Don't miss this opportunity! Apply now and join our team.
Job Details
Posted Date: March 2, 2026
Job Type: Finance and Insurance
Location: Indonesia
Company: Krom