Information Security Manager

Qiscus is an AI-powered omnichannel customer engagement platform that enables businesses to meet the rising expectations for exceptional Customer Experiences (CX) by facilitating timely and intuitive conversations at scale.

The SOC Manager plays a critical role in managing the security of data running within the Qiscus system. Therefore, we require a person who possesses hands-on experience in information security with a keen eye for detail to work closely with our high-performing teams.

If you find yourself fitting this role, come join us!

What You Will Do

• Hold the role of Qiscus’ Data Protection Officer (DPO) and responsible for being Point of Contact for security concerns from external stakeholders.
• Design the strategy and implementation of information security systems in accordance with the needs and applicable regulations, including the implementation of internal and external security audits.
  
• Manage the SOC manpower, including hiring and training SOC team members.
  
• Define and review key security performance indicators to ensure proper service delivery and improvements.
  
• Ensure that security incident detection, responses, and recovery procedures are up-to-date and compliant with current security laws and regulations.
• Provide leadership, guidance and technical expertise to the internal, including collaborating with relevant teams.
• Managing the financial aspects of the SOC, including budgeting, reviewing overall information security spending and proposing cost-efficient solutions for the company.
• Develop and provide SOC reports to the relevant stakeholders, including regulators, C-levels, partners and clients.

What You Will Bring to the Role

• A minimum of a Bachelor’s Degree from Information Technology or relevant disciplines
• A minimum of 3 years experience as a SOC Manager, SOC team leader or information security leader, preferably with a B2B SaaS background.
  
• Experienced in IT Security internal and external audits
  
• Possesses strong knowledge of at least 2 of the following security frameworks :ISO 27001:2022, SOC2, NIST, GDPR, PDPA, or PCI-DSS.
• Possesses strong knowledge and hands-on experience on SIEM, IT governance, technical security (Red Team) and applicable laws and regulations related to information security.
  
• Familiar with Metasploit, Mandiant, BloodHound, SQLMaps and/or similar tools.
  
• Familiar with cloud servers, enterprise infrastructure and SaaS applications.
  
• Has abilities associated with leadership, strategic and critical thinking, and is able to pay attention to details.
  
• Willing to be based in Yogyakarta, Indonesia.