Senior IT GRC Analyst
About the Role
This role involves designing, developing, implementing, and maintaining risk-based IT policies to govern IT usage effectively at GoTo Financial (GTF). It encompasses exposure to financial products and services, including payments, lending, and digital ecosystem services. The role requires monitoring and assisting in the implementation of these policies, ensuring that required controls are effectively achieving their intended objectives. Additionally, the role will be actively involved in obtaining and maintaining certifications such as ISO 27001, ISO 27701, PCI DSS, PSrE, and navigating regulatory audits.
What You Will Do
- Develop and maintain IT policies, standards, and procedures according to applicable internal and external requirements, including the applicable regulations in Indonesia and other countries where GTF operates;
- Develop and maintain compliance, governance, and risk-related IT and business process flow;
- Coordinate with the compliance team to ensure that every initiative, development, and collaboration complies with the standards and regulations (internal and external);
- Conduct routine evaluations of policies and procedures implementation and ensure best practice risk mitigation and assessment functions are maintained to comply with the company's strategy;
- Coordinate with related IT work units to follow up on data requests and internal audit findings, external audits, and regulators;
- Develop the process and conduct the activities to safekeep or archive every IT development document regularly;
- Implement a good governance organization using the ISO 27001, ISO 27701, PCI DSS & PSrE framework and other relevant Technology & Security best practices;
- Develop and implement the RBAC and least privilege of access management in the GTF technology stack;
- Act as a Subject Matter Expert to the stakeholders and provide relevant & applicable consultation for addressing the IT GRC requirement in lending products & services.
What You Will Need
- A minimum of 5 years of experience as Information Security, IT Governance, Risk and Compliance (IT GRC) or IT Auditors;
- Demonstrate excellent communication and writing skills and proficient in English written and spoken;
- Experience in developing and maintaining IT and/or information security policies and procedures;
- Excellent knowledge in developing risk management and IT framework, BIA, BCP, and BCM Framework;
- Experience in report document development and delivery;
- Experience in dealing with regulatory audits to represent the organization IT GRC operations;
- Good knowledge of local and regional payment & lending regulatory requirements and how they impact IT policies (having experience is preferred);
- Excellent experience with ISO 27001, ITIL, COBIT, and PCI-DSS standards;
- One or more of the following or equivalent certifications preferred: CISA, CRISC, ITIL, COBIT.
About the Team
The individual in this role will be a key member of the GTF IT Governance, Risk, and Compliance (IT GRC) team, which is part of the broader GTF Compliance team. They will report directly to the GTF Head of IT GRC. The role requires close collaboration with various departments, including Regulatory and Compliance, Engineering, Legal, People & Partner, and other relevant stakeholders. This cross-functional interaction ensures that IT governance, risk management, and compliance strategies are aligned with the organization's overall objectives.
About GoTo Group
GoTo Group is the largest digital ecosystem in Indonesia with its mission to “Empower Progress” by offering technological infrastructure and solutions for everyone to access and thrive in the digital economy. The GoTo ecosystem consists of on-demand transportation services, food and grocery delivery, logistics and fulfillment, as well as financial and payment services through the Gojek and GoTo Financial platforms. It is the first platform in Southeast Asia that hosts these crucial cases in a single ecosystem, capturing the majority of Indonesia’s vast consumer household.
About Gojek
Gojek is Southeast Asia’s leading on-demand platform and pioneer of the multi-service ecosystem with over 2.5 million driver partners across the regions offering a wide range of services such as transportation, food delivery, logistics, and more. With its mission to create impact at scale, Gojek is committed to resolving consumer problems and raising standards of living by connecting consumers to the best providers of goods and services in the market.
About GoTo Financial
GoTo Financial accelerates financial inclusion through its leading financial services and merchant solutions. Its consumer services include GoPay and GoPayLater and serve businesses of all sizes through Midtrans, Moka, GoBiz Plus, GoBiz, and Selly. With its trusted and inclusive ecosystem of products, GoTo Financial is open to new growth opportunities and aims to empower everyone to Make It Happen, Make It Together, Make It Last.
GoTo and its business units, including Gojek and GoTo Financial ("GoTo") only post job opportunities on our official channels on our respective company websites and on LinkedIn. GoTo is not liable for any job postings or job offers that did not originate from us. You should conduct your own due diligence to prevent being victims of any fake job scams, if they did not originate from GoTo's official recruitment channels.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
