It Security Officer Jobs

PT Kredit Biro Indonesia Jaya (KBIJ), is established in 2014, and obtained a business license to operate as a private credit bureau (Lembaga Pengelola Informasi Perkreditan, LPIP) from Financial Services Authority (Otoritas Jasa Keuangan, OJK) in 2015.

In November 2021, after obtaining approval from OJK, KBIJ received additional capital from new shareholders and also a new management team is appointed.

The acceleration of digital financial services in Indonesia goes faster than ever and the expansion of financial inclusion among consumers and unbanked and underbanked businesses continues to be a major national agenda.

With the expertise, experience, and deep network of its new senior management team in this area, KBIJ will expand the reach and depth of its credit reporting and information services with the ultimate goal of providing trusted and reliable credit ratings and information to our various business partners.

With the new management team and in line with its vision and mission, in July 2022, KBIJ transformed into a new identity, i.e. CBI (Credit Bureau Indonesia), which aiming to provide new and leading-edge services and products. This new identity will also strengthen KBIJ's position as the "best-in-class, modern and innovative" credit bureau in Indonesia.

As a modern credit bureau, KBIJ provides the best products and services in the form of data credit information that is thoroughly designed, customizable, real-time, with a precise and high-accuracy level of analysis to support its members in executing business strategies, increasing company efficiency and productivity, and testing creditor credit risks.

CBI is supported by the latest IT system and infrastructure, and in-house built core applications. The application architecture adopts modern applications based on microservices and intensive use of artificial intelligence technology. To enrich is scope of data, CBI has partnerships with various credible alternative data sources.

Responsibilities

• Implement and maintain security control tools.
• Coordinates the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with local regulations and standards.
• Develop custom systems for specialized security features and procedures for software systems, networks, data centers, and hardware (working closely with Senior IT Infrastructure)
• Proactive identification and mitigation of IT risks as well as responding to observations identified by third party auditors or examiners while assisting in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture
• Receives allegations of security incidents and conducts complex investigations; prepares written findings, recommendations and follow up evaluation; and analyses patterns and trends
• Broaden and deepen knowledge of the business and environment of IT with respect to the delivery of projects, strategic initiatives, and systems, portfolios to effectively assist IT staff with risk and compliance management
• Perform a vulnerability test on the local environment (using tools)
• Conducted audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory and standard requirements through proactive planning and communication, ownership, and relationships
• Conduct counteractive protocols and report incidents. They offer customized risk ratings for vulnerabilities based on company policies and maintain IT security controls documentation.

Requirements

• Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as (Cob IT, ISO, NIST, ITIL)
• General knowledge of information security regulatory requirements and standards such as ISO 27001/2, SANS top 20 and NIST 800-53.
• Bachelor's degree in computer science, information technology, or a related field.
• Experience in handling OJK Audit Process
• Experience in Cyber Security area SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing)
• Experience in risk, compliance, and information security policy development.
• 5+ years of experience in the IT Security area.