Mekari is Indonesia's no. 1 Software-as-a-Service (SaaS) company. With our ecosystem of software solutionsincluding Mekari Jurnal, Mekari Talenta, Mekari Qontak, and Mekari Flex, we aim to facilitate entrepreneurs and leaders as they accelerate the digital transformation of their businesses.
In our 10+ years of journey we have reached over 1 Million platform users, and we're not planning to stop any time soon. We need more people like you: builders and owners with calculated ambition who are eager to grow and create their #BiggestImpact.
Job Summary
As the Infosec and Compliance Manager, you will play a key role in shaping and maintaining a secure IT environment for our client. You will lead the development and execution of IT governance, risk management, and compliance programs, ensuring that our cybersecurity practices are robust and in line with our business objectives. As the subject matter expert, you will spearhead efforts to safeguard the organization, aligning IT initiatives with our broader strategic goals.
Key Responsibilities
- Assess and refine the organization's IT security, risk management, and governance practices.
- Direct and deliver global Information Security Compliance activities, to products including SaaS and regulated financial services,
- Adopt, integrate, and customize multiple compliance framework to justify compliance plan and measure security and compliance performance
- Develop and enforce IT policies and procedures to safeguard company assets.
- Identify and assess potential risks, create mitigation strategies, and monitor their effectiveness.
- Lead efforts to strengthen the company's cybersecurity posture.
- Conduct security and compliance due diligence on 3rd party's organization
- Responsible to organization's security and compliance awareness.
- Oversee the management of cybersecurity incidents and investigations.
- Ensure adherence to relevant laws, regulations, and industry standards.
- Collaborate with IT and business teams to embed GRC best practices into operational processes.
- Facilitate certification bodies, regulators, customers, and partners audit to maintain certifications, attestations, or licenses such as UU PDP, ISO 27001, PJP, DJP, etc.
- Report regularly to CISO on the status of all Compliance-related activities including compliance processes metrics, issues, and remediation actions.
Qualifications
- Minimum bachelor's degree.
- Proven leadership abilities with a deep understanding of IT governance, risk management, and compliance principles.
- Minimum of 4+ years of IT experience, with a focus on governance, risk, and compliance.
- At least 3 years experience in GRC activities, including experience related to compliance of ISO 27001 certifications. OJK, BI, or DJP's requirements.
- Understanding of data privacy regulations relevant to Indonesian privacy laws.
- Demonstrated ability to develop and implement IT policies.
- In-depth knowledge of industry-specific regulations (e.g., PBI, POJK).
- Experience in facilitating IT security audits and working with regulators or auditors.
- Strong familiarity with ISO 27001 standards.
- Familiar with both offensive and defensive cybersecurity strategies.
- Good understanding of business processes of SaaS and financial services
- Good understanding of security and compliance principles
- Good stakeholders management and communication skill
Preferred
- Knowledge of ISO 27701 standards.
- Hands-on experience in cloud security.
- Relevant certifications (e.g., CISM, CISSP).
What You Will Get
- Competitive salary + daily allowance.
- Premium private health insurance (outpatient, inpatient, maternity, dental).
- Early access to salary + flex installment (employee loan) via Mekari Flex.
- Allowance for sports activities and glasses/contact lenses.
- Flexible working hours and remote work culture with free co-working space services.
- Annual and unpaid leaves from day 1 of join date + unlimited sick leave with doctor note.
- Notebook Ownership Program.
- Strategic office location, accessible by MRT.
- Friendly and dynamic work environment.
- Opportunity to take part in growing Indonesia's no. 1 SaaS company
Our team will review your application and will be in touch if your application is shortlisted to the next stage. If you do not hear from us in 30 days, we will keep your resume on file in case a relevant opportunity opens up.
Don't forget to check our Recruitment FAQ at
bit.ly/RecruitmentFAQ-Mekari [ENG] or
bit.ly/RekrutmenMekari-FAQ [INA] to find the answers to commonly-asked questions regarding our recruitment process.
We wish you the best. Hope to see you around soon!