
IT GRC Analyst (SDE 2)
- Jakarta
- Permanent
- Full-time
- Support the oversight and continuous improvement of information security controls related to user access management.
- Support efforts to ensure appropriate access provisioning, least privilege enforcement, and periodic access reviews for internal and/or external tools.
- Contribute to evaluating the effectiveness of security measures, such as configuration management practices across infrastructure, network, endpoint, and cloud services, particularly as they relate to access controls.
- Initiate, collect, and validate security reviews for new vendor engagements by sending TPSA (Third-Party Security Assessment) forms.
- Coordinate with internal teams (InfoSec, Legal, Procurement) for review and input.
- Assess vendor responses to identify security and compliance risks.
- Classify risk levels (Low/Medium/High) and provide recommendations.
- Ensure each vendor engagement meets the company's security and regulatory standards (e.g., ISO 27001, OJK, Bank Indonesia, and other regulatory requirements).
- Track and document the entire assessment process for audit and reporting purposes.
- Contribute to maintaining and improving the company-wide Information Security Compliance Program by ensuring alignment with internal policies and applicable regulations.
- Assist in the creation, implementation, and maintenance of information security policies, procedures, and control practices to align with internal processes and regulatory requirements.
- Support strategies to handle increasing volumes of IT compliance assessments, including those related to ISO 27001, ITGC, OJK, Bank Indonesia, and other regulations.
- Collaborate on Information Security Awareness activities to ensure that security awareness efforts align with compliance requirements, and contribute to tracking their effectiveness.