Head of GoTo Financial (GTF) Information Security
Jakarta
Applications have closed
Gojek
Gojek is Southeast Asia’s leading on-demand platform and a pioneer of the multi-service ecosystem model, providing access to a wide range of services including transportation, food delivery, logistics and more.
He/she will partner with Engineering, Product, and Risk, Privacy, and Government Relations teams to ensure that security is effectively interlocked and aligned with key business stakeholders. This leader is responsible for establishing and driving a security program to integrate security into existing processes as well as establishing new processes to achieve security goals. He/she will serve as a trusted leader and advisor, and will lead a team to ensure that security requirements are met and aligned with business objectives.
He/she will work together with the regulatory organization including relevant industrial associations in Indonesia to ensure regulatory compliance of GTF’s products and services in terms of IT and information security related regulations.
The Head of GTF Information Security reports to the GTF CISO and will lead and grow an existing team and continuously evolve the product security function to align and scale with the business.
Reporting to the GTF’s CISO, the Head of GTF Information Security is accountable for strategic leadership and direction of GTF’s information security program, including regulatory compliance, IT GRC, DevSecOps, and security operations; tight alignment with internal and external stakeholders, including relevant regulators and industrial associations; developing strategic planning for information security and IT risk management, including risk register development, security roadmap, and required security controls for GTF; collaborating with the product and engineering stakeholders to drive the completion of information security & IT GRC controls; and developing and leading a diverse and high-performing team.
Responsibilities
- Compliance / IT GRC / DevSecOps
- Achieve and maintain security compliance for GTF Security’s products and services including PCI and ISO 27001
- Develop and execute a secure software development strategy (DevSecOps) with the Product Engineering Group (PDG), including policies, standards and governance. Build and mature the DevSecOps program and implement “shift left” initiatives
- Ensure an engaged, innovative, and encouraging working environment in the department by motivating, challenging, and mentoring employees towards growth.
- Design, improve, and manage security automation to integrate application security into various CI/CD across the enterprise
- Improve and expand application security risk posture and processes across GTF’s PDG and across GTF product groups
- Develop and execute an IT & information security risk management program in alignment with the corporate risk management framework
- Develop information security architecture that includes identification and assessment of relevant information security & IT GRC controls to mitigate possible risks
- Set up information security & IT-GRC objectives and key results including supporting metrics
- Collaborate with relevant stakeholders and disciplines to ensure effective and efficient implementation of information security & IT-GRC initiatives
- Develop and manage GTF information security budget
- Provide regular reporting updates of metrics (OKRs), risks, and achievements
- The current state of information security posture and initiatives; the current state of IT & information security risk;
- Ensure regulatory and contractual compliance of GTF’s IT and information security practices that includes ensuring positive optics of GTF compliance posture
- Leadership - Team Development and Succession Planning
- Develop and manage key stakeholder relationships with senior leaders from engineering, product, and business teams to ultimately achieve security outcomes
- Work with peer organizations to benchmark and measure security metrics regularly
- Build, grow, mentor and continuously cultivate a high-performance DevSecOps team
- Actively work on succession planning and develop and mentor managers and staff to achieve career goals
- Lead cross-functional teams to define objectives, strategies and metrics in working towards targeted security goals and outcomes
- Own and actively and responsibly manage the product / DevSecOps security budget to ensure highest return on investments
- Participate in personnel management including recruitment and selection, adequate staffing, performance appraisals, education and training
Relevant Experience
- Exceptional relationship management with senior leaders and stakeholders – ongoing building and maintaining collaborative partnerships across all levels of an organization.
- Strong ability to clearly articulate decisions based on risk-based / business impact decision tradeoffs
- Strong track record in security with financial technology (FinTech) including e-money, e-wallets, banks, and merchant partners
- Experience in leading teams on technical security projects – ensuring commitments are met and ensuring key stakeholders are constantly informed of status
- Experience in working with regulatory organizations, including industry associations relevant to IT and information security, to ensure regulatory compliance and positive optics of GTF compliance posture
- Strong leadership qualities and business acumen; able to communicate with all levels of the organization, from technical leaders to senior business leaders.
- Ability to manage and communicate effectively with the ambiguity associated with working in a fast paced and changing environment
- Strong people management skills – providing direction, monitoring performance, motivating staff and building a positive working environment
The Person
- Bachelor of Science degree in an Engineering discipline; Master’s preferred or equivalent work experience
- 10+ years of security experience with specific experience in financial technology (FinTech) in highly diversified and high-growth organizations.
- Established track record in leading security teams including IT GRC, DevSecOps teams in implementing “shift left” strategies
- Track record of aligning and achieving security requirements and business requirements and interlocking with key stakeholders
- Experience in managing and developing IT GRC, DevSecOps and Product Security function and teams
- Strong experience in securing large technology infrastructures, including cloud-based tech such as Kubernetes, Docker, and VMs. Experience with Google Cloud Platform (GCP) is a plus
- Experience in establishing and rolling out Threat Modeling that can be consumed by developers and engineers into user stories
- Deep knowledge of common information security management frameworks, including but not limited to: ISO 27001 / 27002 and PCI
- Professional security certifications, such as a Certified Information Systems Security Professional (CISSP) or other relevant security credentials desired
Gojek is a Super App. It’s one app for ordering food, commuting, digital payments, shopping, hyper-local delivery, and a dozen other products. It is Indonesia’s first and only decacorn. It's also the only Southeast Asian startup to be part of Fortune's list of 'Companies That Changed The World.'
Our Mission: To create and scale positive socio-economic impact for our customers, driver-partners, business and MSMEs.
As of 2018, Gojek processed more than $9 billion annualised gross transaction value across all markets where it operates - in Singapore, Thailand, Vietnam and Indonesia. We have the largest food delivery product in Asia (outside of China), and the largest payments wallet in Southeast Asia.
Our investors include Google, Facebook, PayPal, Sequoia Capital, Tencent Holdings among others.
Gojek is committed to building a diverse and inclusive workplace and is an equal opportunity employer. We do not discriminate on the basis of race, religion, national origin, gender, gender identity, sexual orientation, disability, age, education status, or any other legally protected status.
Tags: Application security Automation CI/CD CISSP Cloud Compliance DevSecOps Docker FinTech GCP Governance Industrial ISO 27001 Kubernetes Monitoring Privacy Product security Risk management Strategy
Perks/benefits: Career development Startup environment