Business Security Manager - Indonesia

As a Business Security Manager at Indonesia AirAsia, you will report directly to the Group CISO to provide advice, consultation, and awareness of the Group Information Security requirements to technical teams and other employees, and ensure their implementation. You will be responsible for ensuring internal systems and processes in Indonesia are compliant with information security standards (e.g, ISO 27001, PCI DSS, CIS, NIST CSF, etc); monitoring, managing, and closing information security compliance issues. Other responsibilities include identification, evaluation, and interpretation of standards, regulatory, statutory, and member security requirements, control deficiencies, and information security risks. You are the primary point of contact during information security incidents and are responsible for managing the incident.

WHAT YOU’LL CHAMPION:

Stakeholder Collaboration and Management

• Acts as the primary cybersecurity leader across the business for Thailand, aligning enterprise cybersecurity strategy and roadmap with business objectives.

• Drive and prioritise implementation and integration/adoption of security capabilities within the BU, including embedding security into business digital projects and operations.

• Ensure the business-specific threat landscape, risks, and regulatory drivers are clearly articulated to the CISO teams and validate cyber architecture decisions that meet the business’s operational and compliance needs.

• Provide Strategic Threat Briefings to Business Leadership.

Cyber Governance Risk Compliance(In-Country)

• Operationalise Cyber Security Risk Management capabilities such as Business Impact Assessment of the Business unit’s digital portfolio of services and applications to identify Crown jewels to be protected in line with Risk appetite.

• Deployment of relevant cybersecurity controls, including required local regulatory compliance, to ensure digital solutions, both applications and services, are developed with a secure-by-design principle.

• Drives Cyber Risk acceptance, risk mitigation, finding management processes, and risk reporting consistently to ensure Cyber Risks are managed and residual risks understood by the leadership.

• Represent cybersecurity in external audits, customer security reviews, and regulatory submissions.

• Actively involved and drive preparations in Business Continuity and Disaster Recovery drills for critical business processes and crown jewels.

• Work with the in-country Data Protection Officer(s) of AirAsia Aviation on data security requirements.

Cyber Defence (In-Country)

• Work with Enterprise Cyber Defence to ensure business assets (e.g., endpoints, network devices, applications, business users, etc.)are updated for purposes of security monitoring and vulnerability management

• Coordinate business communication, impact analysis, business post-incident review, and remediation with the business teams and in compliance with local regulations

Change Management

• Champion Cyber Security Change program activities to drive awareness, behaviours among the business unit, and increase the Cyber Resilience

• Drive implementation and integration/adoption of security capabilities and change management to ensure business alignment and effectiveness.

• Business-level security KPIs/KRIs (e.g., patch compliance, phishing click rates, third-party risk ratings) dashboards, reports to business leaders, and the enterprise CISO.

WHO YOU ARE:

• Bachelor's Degree in Information Technology, or Business with IT, Computer Science, or equivalent

• Minimum 6 years of experience in managing Information Security Governance, Risk Management, and Compliance, Projects/Change Management or related fields

• Relevant industry certification is an advantage (ISO 27001, CISA, CISSP, CGEIT, etc.)

• Working knowledge of common IT/information security-related regulations or standards, especially ISO 27001 and PCI-DSS

• Working knowledge of local information and cybersecurity-related regulations and requirements is a huge advantage

• Ability to develop, review, and maintain documentation in a timely manner

• Strong communication (spoken and written), interpersonal, and conflict resolution skills. The ability to establish and maintain rapport with stakeholders is highly desired.

• Strong analytical and critical thinking skills

• Result-oriented, high level of attention to detail, self-starter and motivator, ability to multitask and adjust to shifting priorities.

WHERE YOU’LL GO:
Dispatcher to captain, ramp agent to data analyst, brand executive to CEO - these are some Dare To Dream stories of our Allstars.

Based on your performance and contribution in this role, you’ll grow into becoming a Sr Business Security Leader / Regional Cyber Security Manager. In this role, you’ll drive cybersecurity strategy across multiple markets, influence enterprise-level security decisions, and shape the future of cyber resilience within Capital A.

WHAT YOU’LL ENJOY:

• Physical Wellbeing: Key medical and insurance benefits, maternity expenses, flexible work arrangements, and health and fitness amenities.
• Emotional Wellbeing: Paid time off, wellness programmes, and childcare amenities.
• Financial Wellbeing: Resources relating to financial, personal skills and career growth programmes.
• Allstars Specials: Free flights, unlimited discounted flights, and exclusive discounts with partners.
• A unique Allstar culture like no other

OUR HIRING PROCESS:

• Application received
• Candidate screening
• Interview(s) and assessment(s)
• Background check and/or other assessments
• Offer and negotiation

GET TO KNOW AirAsia Indonesia:
Indonesia AirAsia is part of AirAsia, the world’s leading low-cost airline, committed to making travel affordable and accessible while leveraging technology and data to deliver safe, secure, and seamless experiences for our guests.

GET TO KNOW US:
Our story begins in 2001 with a dream, two planes and a 40 million ringgit debt. You’ll know us as the ‘Now Everyone Can Fly’ airline (if you don’t, we’re definitely older than you).

Today, we’re more than just an airline. We’re Capital A - a world-class brand that wears many hats. Our mission is to connect people and transform lives in ASEAN.

Above all, we’re Allstars. We believe in the unbelievable, and we dare to dream. We also believe in celebrating all individuals. So no matter your culture and background, or if you prefer aisle seat to window seat, we’re excited to have you on board.

We are all different - one talent to another - that is how we rely on our differences. At AirAsia, you will be treated fairly and given all chances to be your best.We are committed to creating a diverse work environment and are proud to be an equal opportunity employer.

Search Firm Representatives - AirAsia does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place.