IT GRC

Responsibilities:

Manage and update the IT risk register, including risk identification, risk treatment, mitigation, progress monitoring, and supporting evidence.
Draft, review, and update policies, standards, SOPs, and internal documents related to the technology function to ensure alignment with operational needs and regulatory requirements.
Monitor compliance with applicable regulations and standards, including POJK/SEOJK, the Personal Data Protection Law, and other audit or regulatory requirements.
Support internal and external audits, including coordination of evidence collection, follow-up on findings, and monitoring of closure against target timelines.
Prepare, consolidate, and validate technology/GRC-related reports for management, auditors, and regulators.

Requirements:

Minimum 5 years of experience in banking or financial services in the areas of IT GRC, IT risk, IT compliance, or information security governance.
Strong understanding of drafting and maintaining IT policies/SOPs, managing risk registers, audit follow-up, and responding to regulatory requests.
Good understanding of IT regulations in the banking sector as well as standards/frameworks such as ISO 27001, NIST, and COBIT.
Able to coordinate across functions, prepare reports effectively, and maintain strong attention to detail for documents and evidence.
Strong communication skills, able to work independently, and comfortable working in a dynamic environment with multiple priorities.