Senior IT GRC Manager

About the Role
The Senior IT GRC Manager will lead a small, dedicated team in the development and implementation of our IT governance, risk, and compliance framework. This role involves navigating complex regulatory requirements, integrating risk management strategies, and ensuring compliance across all IT operations. The individual will be responsible for overseeing audits, identifying vulnerabilities, implementing robust security measures, and driving certifications such as ISO 27001, PCI DSS, and PSrE. In the first six months, the manager will focus on fortifying our risk posture, achieving key certifications, and influencing IT policy reforms, thereby significantly enhancing the organization's resilience against cyber threats.

What You Will Do

• Lead and manage a small team of IT GRC professionals to ensure effective governance, risk management, and compliance across the organization.
• Develop, implement, and maintain IT governance frameworks, risk management strategies, and compliance programs.
• Oversee and coordinate internal and external audits, ensuring timely resolution of findings and recommendations.
• Identify, assess, and mitigate IT risks through continuous monitoring and improvement of security controls and processes.
• Drive and manage certification processes for standards such as ISO 27001, PCI DSS, and PSrE.
• Collaborate with cross-functional teams to integrate GRC initiatives into business processes and IT projects.
• Provide expert advice and guidance on IT GRC matters to senior management and other stakeholders.
• Stay up-to-date with industry trends, regulatory changes, and best practices to ensure the organization remains compliant and resilient against emerging threats.

What You Will Need

• Minimum of 10 years of experience in IT governance, risk management, and compliance.
• Proven track record of successfully leading and achieving certifications such as ISO 27001, PCI DSS, Kominfo PSrE and Webtrust.
• Extensive experience in managing and navigating regulatory audits and ensuring compliance with industry standards.
• Strong leadership skills with the ability to effectively lead a small team and foster a collaborative work environment.
• Excellent stakeholder management skills, with the ability to communicate and influence at all levels of the organization.
• Demonstrated ability to deliver results with limited resources and minimal supervision.
• In-depth knowledge of current IT security trends, regulatory requirements, and best practices.
• Relevant IT GRC or InfoSec certifications such as CISM, CISSP, CRISC, or equivalent.

About the Team
The Senior IT GRC Manager will be an integral part of the GTF IT Governance, Risk, and Compliance (IT GRC) team, and will also work within the broader GTF Compliance team. This role involves reporting directly to the GTF Head of IT GRC and collaborating closely with various key stakeholders, including Regulatory and Compliance, Engineering, Legal, People & Partner teams, as well as other relevant departments. This cross-functional collaboration ensures that all aspects of IT governance, risk, and compliance are aligned with the organization’s goals and regulatory requirements.
About GoTo GroupGoTo Group is the largest digital ecosystem in Indonesia with its mission to “Empower Progress’ by offering technological infrastructure and solutions for everyone to access and thrive in the digital economy. The GoTo ecosystem consists of on-demand transportation services, food and grocery delivery, logistics and fulfillment, as well as financial and payment services through the Gojek and GoTo Financial platforms.It is the first platform in Southeast Asia that hosts these crucial cases in a single ecosystem, capturing the majority of Indonesia’s vast consumer household.
About Gojek Gojek is Southeast Asia’s leading on-demand platform and pioneer of the multi-service ecosystem with over 2.5 million driver partners across the regions offering a wide range of services such as transportation, food delivery, logistics and more. With its mission to create impact at scale, Gojek is committed to resolving consumer problems and raising standards of living by connecting consumers to the best providers of goods and services in the market.
About GoTo FinancialGoTo Financial accelerates financial inclusion through its leading financial services and merchants solutions. Its consumer services include GoPay and GoPayLater and serve businesses of all sizes through Midtrans, Moka, GoBiz Plus, GoBiz, and Selly. With its trusted and inclusive ecosystem of products, GoTo Financial is open to new growth opportunities and aims to empower everyone to Make It Happen, Make It Together, Make It Last.
GoTo and its business units, including Gojek and GoToFinancial ("GoTo") only post job opportunities on our official channels on our respective company websites and on LinkedIn. GoTo is not liable for any job postings or job offers that did not originate from us. You should conduct your own due diligence to prevent being victims of any fake job scams, if they did not originate from GoTo's official recruitment channels.