Job Description
Are you ready to make a significant impact in the fast-paced fintech industry? GoTo Financial is looking for a highly skilled and motivated Senior IT GRC Analyst to join our Consumer Lending division in Jakarta. As a Senior IT GRC Analyst, you will play a pivotal role in ensuring that our systems, processes, and infrastructure meet the highest standards of regulatory compliance, information security, and risk management.
In this critical role, you will act as the bridge between technology and compliance, safeguarding our digital ecosystem while enabling rapid innovation in the consumer lending space. You will collaborate with cross-functional teams, including engineering, product, and legal, to design and implement robust IT Governance, Risk, and Compliance (GRC) frameworks. If you are passionate about cybersecurity, have a deep understanding of financial regulations (such as OJK requirements), and thrive in a dynamic tech environment, we want you on our team. Join us in our mission to empower consumer financial growth through secure and reliable technology solutions.
Responsibilities
- Lead and execute comprehensive IT risk assessments, compliance audits, and control evaluations across the consumer lending portfolio.
- Develop, implement, and maintain robust IT GRC frameworks, policies, and procedures aligned with industry best practices (e.g., ISO 27001, NIST).
- Ensure continuous compliance with local and international regulatory requirements specific to the financial and consumer lending sectors.
- Collaborate closely with engineering and product teams to integrate security and compliance controls into the software development lifecycle (SDLC).
- Conduct third-party vendor risk assessments and monitor ongoing vendor compliance to mitigate supply chain risks.
- Prepare and present detailed risk reports, audit findings, and remediation plans to senior management and key stakeholders.
- Monitor the ongoing effectiveness of IT controls and drive remediation efforts for any identified vulnerabilities or audit deficiencies.
Qualifications
- Bachelor's degree in Information Technology, Computer Science, Information Security, or a related field.
- Minimum of 4 years of proven experience in IT GRC, IT Auditing, Information Security, or Risk Management, preferably within the financial services or fintech industry.
- Strong knowledge of regulatory frameworks and standards (e.g., OJK regulations, ISO 27001, COBIT, PCI-DSS).
- Relevant professional certifications such as CISA, CRISC, CISM, or ISO 27001 Lead Auditor are highly desirable.
- Exceptional analytical and problem-solving skills, with a keen eye for identifying control gaps and process improvements.
- Excellent communication and presentation skills, capable of translating complex technical risks into business terms for executive stakeholders.
- Ability to thrive and adapt in a fast-paced, agile, and highly collaborative tech environment.