IT Risk & Governance

Job Description: Identify, assess, and evaluate IT risks across systems, infrastructure, applications, processes, and third-party vendors. Analyze risk impacts and ensure the effectiveness of implemented IT controls and mitigation plans. Monitor and follow up on IT risk mitigation actions to ensure timely and proper resolution. Prepare and present periodic IT risk reports in accordance with established standards and internal procedures. Ensure information protection by reviewing and monitoring the implementation of access controls and security measures. Develop, update, and maintain IT Security Risk & Governance policies and procedures to align with business needs and regulatory requirements. Monitor policy and procedure updates at the IT Division level to ensure consistency and compliance. Ensure completeness and proper documentation of IT operational procedures and governance controls. Support internal and external audit processes by collecting, validating, and providing required documentation and evidence. Monitor and track remediation of audit findings related to IT security and risk management, ensuring proper closure and reporting updates.

Job Qualification: Bachelor’s degree (S1) in Information Technology, Computer Science, Information Systems, or other related disciplines. Minimum 3 years of experience in IT Risk Management, IT Governance, IT Audit, or IT Compliance. Strong understanding of risk management principles and IT risk assessment methodologies. Familiar with IT governance frameworks such as COBIT and ITIL. Knowledge of regulatory requirements (e.g., Otoritas Jasa Keuangan) and information security standards such as ISO/IEC 27001. Basic understanding of IT security controls, including firewall, IDS/IPS, encryption, and access management. Familiar with audit processes (internal and external) and compliance monitoring practices. Understanding of basic project management concepts. Strong analytical thinking and ability to assess and measure IT security risk exposure. Good communication skills, detail-oriented, able to work independently as well as collaboratively with cross-functional teams, and high integrity in handling confidential information.