Company hidden
2 days ago

IT Security & GRC Manager (Fintech)

Work format
onsite
Employment type
fulltime
Grade
lead
English
b2
Country
Indonesia

Job description

TL;DR

IT Security & GRC Manager (Fintech): Developing and maintaining IT governance, risk, and compliance frameworks within a financial services environment, with an emphasis on regulatory alignment (POJK, PBI) and security standards. Focus on implementing ISO 27001 and PCI-DSS controls, managing audit processes, and ensuring organizational adherence to information security policies.

Location: Jakarta, Indonesia

Company

hirify.global is an Indonesian fintech startup simplifying financial product discovery and application through a transparent, meritocratic, and technology-driven platform.

What you will do

  • Develop and maintain IT policies, standards, and procedures aligned with internal requirements and Indonesian regulations (POJK, PBI).
  • Coordinate with compliance teams to perform gap assessments and recommend risk mitigation measures.
  • Implement RBAC and least privilege access management models.
  • Assess the effectiveness of IT controls to safeguard information assets and ensure system availability.
  • Manage audit follow-ups and coordinate with IT units to implement recommendations from internal, external, and regulatory audits.
  • Conduct regular awareness training to ensure IT policies are integrated into daily operations.

Requirements

  • Minimum 3 years of experience in Information Security, IT GRC, or IT Auditing within the banking or financial services industry.
  • Proven experience in implementing or auditing ISO 27001 and PCI-DSS standards.
  • Strong understanding of Indonesian regulatory requirements (OJK, BI, Kemkominfo).
  • Experience in developing and maintaining IT and information security policies.
  • Excellent communication and writing skills.
  • Professional certifications such as CISA, CRISC, or CISSP are preferred.
