IT GRC

This position is required to strengthen the IT Governance, Risk, and Compliance function by ensuring effective IT risk management, regulatory compliance, audit readiness, and the maintenance of internal policies and procedures. The role will focus on handling IT Risk activities, as well as supporting the update and development of new SOPs to enhance internal governance and ensure compliance with regulatory requirements.

Manage and update the IT risk register, including risk identification, risk treatment, mitigation, progress monitoring, and supporting evidence.

Draft, review, and update policies, standards, SOPs, and internal documents related to the technology function to ensure alignment with operational needs and regulatory requirements.

Monitor compliance with applicable regulations and standards, including POJK/SEOJK, the Personal Data Protection Law, and other audit or regulatory requirements.

Support internal and external audits, including coordination of evidence collection, follow-up on findings, and monitoring of closure against target timelines.

Prepare, consolidate, and validate technology/GRC-related reports for management, auditors, and regulators.

Minimum 5 years of experience in banking or financial services in the areas of IT GRC, IT risk, IT compliance, or information security governance.

Strong understanding of drafting and maintaining IT policies/SOPs, managing risk registers, audit follow-up, and responding to regulatory requests.

Good understanding of IT regulations in the banking sector as well as standards/frameworks such as ISO 27001, NIST, and COBIT.

Able to coordinate across functions, prepare reports effectively, and maintain strong attention to detail for documents and evidence.

Strong communication skills, able to work independently, and comfortable working in a dynamic environment with multiple priorities.