The GoPay CISO acts on behalf of the Gojek CISO and is accountable for the information security of a special line of business at GoPay Group (financial services). The GoPay Group CISO reports to the Gojek CISO but will work in a matrixed capacity, with a dotted line to the GoPay Group CEO.
The GoPay CISO is accountable for the information security of GoPay, Midtrans, Spots, and all subsidiaries under Greater GoPay (PT DKAB) and will drive governance, risk and compliance, security projects, and initiatives accordingly. This leader will be responsible for establishing and driving a business-specific Information Security program aligned with the business area risks, will serve as a trusted leader and advisor, and will lead a team to ensure that compliance and security requirements are met. This role will be accountable for reporting on security as well as leading information security projects, including technical implementation of security controls for the heavily regulated financial services industry. In addition, this role will ensure business compliance with the Global Information Security Policy and Standards while continuously monitoring and reporting on compliance and documented exceptions / tradeoffs for the line of business under GoPay Group.
Develop, consistently drive, and own Governance, Risk and Compliance (GRC), and be accountable for ensuring GoPay Group and its subsidiaries achieve and maintain all security compliance.
Drive, implement, and maintain physical security requirements and controls based on GoPay Group needs for GoPay Group personnel and office areas.
Provide security Risk Management (Identification, Prioritization, Plan, and Execute) and enable sound decision making through the development and continuous maintenance of relevant, transparent, proactive and actionable Compliance and/or Security Risk Registers aligned to lines of business.
Produce and develop the security roadmap, project plans, and budget, including the alignment of people, process, and technologies that are mapped to the GRC requirements and needs of the line of business. Enable information risk reduction by working continuously and collaboratively with business partners to identify, prioritize and mitigate information risks. Devise strategies and implement solutions to minimise the risk of cyber-attacks.
Act as a trusted security advisor and as a subject matter expert to the line of business for all information security, with a keen focus on stakeholder management. Understand strategic and functional goals and embed Information Risk management into the culture of the line of business being served.
Develop and continuously maintain a strategic security plan for GRC needs for GoPay, Midtrans, and Spots. Prioritize, oversee and implement associated compliance or risk reduction projects.
Serve as the subject matter expert (SME), facilitator, and lead communicator for all areas of security within the line of business.
Work within Gojek’s Global Information Security Program to connect security control capabilities directly with the line of business. Facilitate the feedback loop for improvement opportunities across Information Security and Risk Management programs.
Support, manage and implement security controls arising from security compliance requirements, including controls from external/customer and internal audit findings that are specific to the line of business, as needed.
Balance strategic leadership with a hands-on approach in a fast-paced environment.
Exceptional relationship management with senior leaders – ongoing building and maintaining of collaborative partnerships across all levels of an organization.
Strong ability to clearly articulate decisions based on risk-based / business impact decision tradeoffs.
Proven track record of execution of governance, risk and compliance (GRC) with a focus on heavily regulated industries.
Experience in leading teams on technical security projects – ensuring commitments are met and ensuring key stakeholders are constantly informed of status.
Strong leadership qualities and business acumen; able to communicate with all levels of the organization, from technical leaders to senior business leaders.
Ability to objectively judge and assess security risks and business tradeoff decisions when working and collaborating with key stakeholders, including the leader of the line of business.
Ability to manage and communicate effectively with the ambiguity associated with working in a fast-paced and changing environment.
Solid people management skills – providing direction, monitoring performance, motivating staff and building a positive working environment.
Bachelor’s Degree or equivalent experience plus at least 8 years of experience in an audit and/or information security related role.
7+ years of hands-on experience in Information Security and/or Risk Management related functions with demonstrable accomplishments in the Information Security area.
Certifications desired: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA).
Compliance leadership experience in the financial services industry. Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security.
Experience in leading and/or guiding aspects of information cybersecurity risk, including identification, synthesis, quantification and remediation strategies.
Business and technical security background - subject matter expertise in security including but not limited to areas in risk & compliance, security product and development engineering, and IT infrastructure.
Experience in previously leading/working on information security programs or projects. Experience in leading or collaborating with internal audit functions specialising in cybersecurity, and experience and sound acumen in managing and reporting on risks and compliance.
Experience in using data analytics and risk quantification – FAIR risk analysis experience or equivalent.
Project management experience highly desired.
Ability to interpret and apply policies and regulations across a large, complex business with a focus on financial services.
Specific experience in Agile software development or other best-in-class development practices.