IT Compliance

DOKU, PT NUSA SATU INTI ARTHA

Jakarta Selatan
Permanen
kerja tetap

1 bulan lalu

About the Job:
Lead the development and maintenance of a compliance framework aligned with business strategies, conduct external audits, and manage security risks to protect sensitive data such as cardholder data (CHD) and personally identifiable information (PII).What you will do:

Ensure the implementation of payment gateway security follows PCI DSS v4.0, ISO 27001:2022, GDPR, SOC 2, and data privacy regulations.
Monitor changes in industry regulations and assess their impact on the organization, updating compliance policies and procedures accordingly.
Develop and manage a compliance framework that aligns with business strategy and ensures adherence to laws and regulations.
Coordinate and lead external compliance audits (PCI DSS, ISO 27001, SOC 2), including audit preparation, document collection, and external audit team management.
Review and create security policies and procedures that meet regulatory requirements and industry best practices.
Ensure employee adherence to security policies and communicate policies effectively across the organization.
Maintain documentation for compliance activities, including risk assessments, audits, incident response exercises, and remediation efforts.
Identify potential security risks, mitigate non-compliance risks, and implement controls to protect data and meet regulatory requirements.
Collaborate with legal, IT, and operations teams to mitigate risks and ensure security policies protect sensitive data like CHD and PII.
Perform regular Data Protection Impact Assessments (DPIAs) to ensure data handling practices comply with privacy laws (GDPR, etc.).
Oversee encryption, tokenization, and data anonymization practices to meet regulatory requirements.
Ensure third-party vendors and partners comply with security and compliance requirements, including performing vendor security assessments and audits.
Oversee incident response protocols to ensure they comply with data breach notification laws (GDPR, PCI DSS) and manage incident reporting.
Ensure forensic investigations are conducted and documented for security incidents, with appropriate actions taken for resolution and prevention of future incidents.
Develop and deliver security compliance training programs for staff, including management and IT personnel, ensuring an understanding of regulatory requirements.
Conduct security awareness campaigns and compliance-focused training sessions to reduce human-related security risks.
Provide regular reports on compliance status, risk assessments, audit findings, and remediation efforts to senior management and stakeholders.
Develop Key Risk Indicators (KRI) and Key Performance Indicators (KPI) to measure compliance effectiveness and track improvements.
Promote a culture of continuous improvement by identifying opportunities to enhance compliance processes, tools, and resources.

What we are looking for:Bachelor’s degree in Information Technology, Computer Information Systems, or related fields4 years of experience in IT Security Compliance, Risk Management, and Information Security, preferably in the financial services or payment industryRelevant certifications such as CISA, CISM, CISSP, PCI DSS QSA, or ISO 27001 Lead AuditorDeep knowledge of PCI DSS v4.0, ISO 27001:2022, GDPR, SOC 2, and other relevant compliance frameworksExpertise in IT security principles, data encryption, risk management, and GRC (Governance, Risk, and Compliance) methodologiesExperience with security technologies like firewalls, IDS/IPS, SIEM, and encryption toolsProficiency with compliance tools and methodologies such as audit management systems and risk assessment platformsStrong analytical thinking and attention to detailExcellent communication skills to convey complex compliance requirements to various departmentsStrong problem-solving abilitiesAbility to work under pressure, manage multiple tasks, and meet tight deadlinesHigh initiative and teamwork skillActive listening and interpersonal skillsAssociate / Supervisor IT and Software Financial Services 1 opening Bachelor's degree graduateThe transaction is the lungs of the breathing economy, that is why our first step starts with a big dream to pave the way towards freedom of transaction. Since 2007, DOKU has been the first electronic payment system and risk management company in Indonesia. From paying and getting paid to transfer funds, all are possible with DOKU. For more than one decade, we have grown together alongside large and medium scaled companies to personal sellers from various lines of business, ranging from transportation, tourism, insurance, retail, donation, communities, and many more. Collaboration with partners such as local and international banks, also non-banking institutions has strengthened our reputation as a trusted local electronic payment solution. Our business grows together with our partners’ businesses. Thus we have built a payment ecosystem that is supportive and strengthens theirs. The formation of three product pillars that responds to all business needs across all layers of society has marked our transformation from “The Better Way to Pay” becoming “Think Beyond Payments”. The three winning product pillars comprise Payment Gateway and Transfer Services for Corporate, SMEs, Start-ups, and Local and International MSMEs. The last product pillar, Collaborative Commerce, is designed to empower communities and personal usage.

Kalibrr

Lamar