Security Engineering Lead

Jakarta
Permanent
Full-time

10 days ago
Apply easily

About The Job: We are looking for an experienced and passionate Security Engineering Lead with a proven track record in building and leading security teams. You will play a critical role in shaping and executing the company’s cybersecurity strategy, ensuring compliance with regulatory requirements, and strengthening our security posture across applications, infrastructure, and governance. This role requires strong leadership, technical expertise, and the ability to collaborate with multiple stakeholders to achieve company-wide security goals.Responsibilities:

Define and create the InfoSec division’s quarterly task list and ensure alignment with company objectives.
Supervise and guide the work of each InfoSec team member across Cloud Security, Application Security, Governance & Compliance, and Incident Response, ensuring OKRs are achieved.
Regularly report team progress, challenges, and achievements to the CTO.
Maintain and oversee ISO 27001:2022 certification for the company group.
Develop and update cybersecurity strategies to anticipate and address evolving cyber threats.
Establish annual CapEx and OpEx budget plans for the company’s cybersecurity needs and InfoSec team requirements.
Maintain and prepare annual security reports required by regulatory bodies (e.g., BI & OJK).
Implement company security policies based on industry frameworks such as ISO 27001:2022, NIST, RMF, and OWASP.
Coordinate and collaborate with other divisions on security-related initiatives and shared responsibilities.
Compile quarterly cybersecurity reports for management and stakeholders.
Reduce operational security costs while maintaining efficiency and effectiveness according to management priorities.
Develop and maintain a company-wide security maturity assessment framework and track improvements over time.

Requirements:

Minimum 5 years of experience in Information Security, with at least 2 years in a leadership or management role.
Strong communication skills, with the ability to translate complex security concepts into business language.
Proven experience leading security teams in areas such as AppSec, CloudSec, GRC, and Incident Response.
Deep understanding of regulatory requirements (ISO 27001:2022, PCI DSS, BI, OJK).
Strong background in penetration testing, cloud security (GCP/Hybrid/Kubernetes), and security operations.
Proficiency in security defense technologies (e.g., SIEM, WAF, Firewall, CSPM).
Knowledge of scripting/programming (Java, Python, Golang) is an advantage.
Hands-on experience with CI/CD security (SAST, DAST) and version control (Git).
Good knowledge of risk scoring methodologies (OWASP Risk Rating, CVSS).
Familiar with SQL-based databases (PostgreSQL, MySQL, etc.).
Strong ability to design security strategies, reduce costs, and improve overall security maturity.
Professional certifications such as CISM, CISSP, ISO27001 Lead Auditor or equivalent are highly desirable.

byOrange