Lowongan IT Governance Risk Compliance Manager di PT Karisma Zona Kreatifku

IT GRC Manager

The IT GRC Manager is responsible for developing, implementing, and maintaining an effective IT Governance, Risk, and Compliance program within the organization. This role ensures that the company's IT systems, policies, and processes align with industry regulations and best practices to mitigate risks and maintain a secure and compliant IT environment.

Key Responsibilities:

GRC Strategy and Planning:

• Develop and implement an IT GRC strategy aligned with the organization's business goals and regulatory requirements.
• Collaborate with executive leadership to define risk tolerance and compliance objectives.
• Create a roadmap for GRC initiatives and monitor progress.

Regulatory Compliance:

• Stay updated on relevant laws, regulations, and industry standards (e.g., GDPR, HIPAA, ISO 27001, NIST, etc.).
• Ensure the organization complies with all applicable IT-related regulations.
• Develop and maintain compliance documentation and reporting.

Risk Assessment and Management:

• Conduct risk assessments to identify vulnerabilities, threats, and potential impacts.
• Develop risk mitigation strategies and action plans.
• Monitor and report on risk status and improvements.
• Security Policies and Procedures:
• Create, update, and enforce IT security policies and procedures.
• Train employees on security awareness and best practices.
• Implement measures to safeguard sensitive data and information assets.

Audit and Assessment:

• Coordinate internal and external IT audits and assessments.
• Address audit findings and ensure timely remediation.
• Maintain a repository of audit-related documentation.
• Vendor and Third-Party Risk Management:
• Evaluate and manage IT-related risks associated with third-party vendors and suppliers.
• Conduct vendor security assessments.
• Ensure third-party contracts include necessary security and compliance clauses.

Incident Response and Reporting:

• Develop an incident response plan and lead incident response efforts when security incidents occur.
• Report security incidents to appropriate stakeholders, regulatory bodies, and law enforcement when necessary.

Training and Awareness:

• Promote a culture of security awareness and compliance throughout the organization.
• Provide training and educational materials to staff.

Qualifications:

• Bachelor's degree in Information Technology, Computer Science, or a related field (Master's degree preferred).
• Professional certifications such as CISA, CISM, CRISC, or CISSP are a plus.
• Proven experience in IT GRC, compliance, and risk management.
• Strong knowledge of relevant regulations and frameworks.
• Excellent communication and leadership skills.
• Ability to work cross-functionally and lead a team.
• Strong analytical and problem-solving abilities.
• Experience: Typically, 5+ years of relevant IT GRC and compliance experience.

Is a must :

• Komunikasi yang luwes dan proaktif,
• Interpersonal skill yang menonjol,
• Pengalaman sebagai Manager GRC di bank/financial institution (is a plus),
• Attention to detail,
• Rapi