Job Description

We are looking for an experienced security manager with technical background to the company's information security function, combining hands-on technical depth with program management. The role is approximately 20 % technical execution and 80 % leadership, governance, and coordination. The Security Lead builds and maintains the risk-based security programme covering cloud infrastructure, secure SDLC, incident response, and regulatory compliance. This is a team-lead position reporting to the CTO.

Responsibilities

• Develop and manage risk-based security program and strategy, drive its successful implementation through security, policies, procedures and standards.
• Work closely with technical, non-technical stakeholders and cross-functional teams to ensure compliance with security standards and policies and integration of security requirements into business processes and projects.
• Define risk appetite, develop risk acceptance, management and reporting protocols to make sure company leadership is aware of the risk profile and can make informed decisions. Conduct regular security assessments, audits and inspections to identify gaps and areas for improvement, and report the results.
• Support the CTO in security budgeting, vendor selection, and control assurance activities.
• Lead and manage a team of security professionals, including hiring, training and performance management.
• Oversee the implementation and maintenance of security technologies such as SIEM, intrusion detection and prevention systems, WAF, vulnerability management, etc.
• Implement security incident response protocols and plans, lead incident response and security breaches investigations. Conduct root cause analysis, develop and implement mitigation and corrective actions.
• Act as a subject matter expert in cloud security, directly supporting DevOps and Software Engineering teams in secure infrastructure architecture, deployment, configuration and operations. Participate hands-on in security reviews of infrastructure changes.
• Design and implement secure software development lifecycle (S-SDLC) and engage with Software Engineering and DevOps teams to implement secure development practices, including code reviews, static and dynamic security scanning, dependency checks, etc. Ensure software vulnerabilities are fixed in time and work closely with relevant teams to develop, manage and track SLOs on security fixes.
• Stay current with emerging security threats and technologies, and implement appropriate measures to mitigate risks.
• Provide training and awareness programs to technical and non-technical employees on information security best practices and procedures.

Requirements

• 7+ years of professional experience in cybersecurity with at least 3 years in a leadership or team-lead role.
• In-depth understanding of cybersecurity principles and best practices.
• Excellent understanding of risk-management principles and demonstrated experience implementing them in the real-life security program.
• Hands-on experience implementing and reviewing cloud infrastructure configurations and assessing its security. Experience implementing secure infrastructure management pipelines.
• Experience building and running security incident response programs and being hands-on coordinating and participating in security incident response.
• Availability to respond to security alerts and respond to security incidents outside of business hours.
• Certification in information security is preferable
• Strong knowledge of SIEM tools, intrusion detection systems (IDS/IPS), and security monitoring tools

Benefits

Join us as we make magic happen to increase Indonesia’s financial inclusion!