This role is for an organization newly set up in Jakarta, Indonesia.
Responsibilities:
VAPT
- Conduct end-to-end Vulnerability Assessment and Penetration Testing (VAPT) on a wide range of systems, networks, and applications, spanning from SME to Enterprise level.
- Perform thorough source code reviews to identify potential security vulnerabilities and weaknesses.
- Conduct host configuration reviews to ensure systems are configured in alignment with industry best practices and security standards.
- Lead security audits and assessments to identify security gaps and recommend actionable remediation strategies.
- Provide expert security consulting, offering insights and guidance to clients on improving their overall security posture.
- Assess risks associated with identified vulnerabilities and prioritize them based on potential impact and likelihood.
- Collaborate with cross-functional teams to develop and implement risk management strategies.
- Stay current with the latest security trends, threats, and vulnerabilities to continuously enhance testing methodologies and risk assessment techniques.
- Create detailed technical reports and documentation outlining identified vulnerabilities, potential impact, risk assessment findings, and recommended remediation steps.
- Participate in client meetings to explain findings, address concerns, and provide recommendations for improving overall security and risk management practices.
GRC
- Conduct comprehensive risk assessments to identify potential threats and vulnerabilities within the organization’s systems, processes, and policies.
- Develop and implement risk mitigation strategies and controls to minimize the impact of identified risks.
- Stay abreast of evolving security frameworks, regulations, and standards, such as ISO 27001:2022, Cyber Trust Mark, GDPR, PDPA, and NIST.
- Collaborate with cross-functional teams to integrate security requirements into business processes and technology solutions.
- Assist in the development and implementation of security policies, procedures, and guidelines to ensure alignment with regulatory requirements and industry best practices.
- Serve as the primary point of contact for Data Protection Officer (DPO) duties, including overseeing data protection activities, ensuring compliance with relevant data protection regulations, and acting as a liaison between the organization and regulatory authorities or data subjects.
- Provide guidance and support to internal stakeholders on security and compliance-related matters.
- Conduct regular audits and assessments to monitor compliance with established security policies, procedures, and standards.
- Develop and deliver training programs to raise awareness of security risks and compliance requirements among employees.
Requirements:
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent work experience).
- Industry-recognized certifications such as OSCP, CREST Certified Tester (CCT), CISSP, CISA, CISM, CRISC or equivalent.
- At least 3-5 years of extensive experience performing Vulnerability Assessment and Penetration Testing (VAPT) and risk assessments, and delivering compliance standards, across diverse environments from SME to Enterprise.
- Proven expertise in conducting source code reviews, host configuration reviews, security audits, consulting assessments, and risk management.
- Proficiency in using a variety of security testing tools and frameworks.
- Strong understanding of common security vulnerabilities, attack vectors, and mitigation strategies.
- Excellent written and verbal communication skills, with the ability to convey complex technical concepts to both technical and non-technical audiences.
- Ability to work independently, manage multiple projects simultaneously, and meet tight deadlines.
- Strong problem-solving skills and attention to detail.
- A commitment to staying up to date with the evolving cybersecurity landscape.