Information Security & Compliance Analyst

We are seeking a highly motivated and detail-oriented Security and Compliance Specialist to

join our team in Malang. This is a critical role responsible for ensuring our company's adherence

to regulatory requirements and internal policies, with a primary focus on our ongoing SOC2

recertification process. This individual will play a key role in the upcoming gap analysis and will

be instrumental in building new compliance processes from the ground up. The specialist will

work closely with a variety of teams, including IT, HR, Product, and Delivery.

Key Responsibilities:

● SOC2 Recertification & Management:

• Performing internal audits, coordinating with external auditors, and managing documentation.
• Taking ownership of the processes required for a successful SOC2 recertification.
• Lead remediation efforts to close any gaps identified during the gap analysis.
• Establish and manage a continuous monitoring program to ensure ongoing compliance.

● Security Program Management:

• Work closely with the engineering team to implement and maintain security controls and best practices.
• Assist in risk assessments and threat modeling to identify potential vulnerabilities.
• Participate in security incident response planning and post-incident analysis.
• Help define and implement security policies across the organization, including access control and data handling.

● Gap Analysis:

• Collaborate with key stakeholders across all functional areas to identify gaps in our current processes and infrastructure against compliance standards.
• This includes a focus on GDPR, local Indonesian regulations, and our overall security posture.

● Process Implementation:

• Work with functional leads to ensure they understand identified gaps and take full ownership of designing and implementing new compliance measures.
• Guide each functional area to ensure they are properly informed and implement new procedures.

● Compliance Training:

• Responsible for conducting internal training on compliance best practices for other teams.
• Work with various teams to embed security and compliance best practices into their daily workflows.

Required Skills & Qualifications

● Experience:

• Education background in computer science, information technology, or a related field.
• Minimum of 5 years of experience in a similar role, with proven ability to independently lead and execute compliance and security improvement initiatives.
• Familiarity with SOC2 or other compliance frameworks is a plus, but not essential, as training and consultation will be provided.

● Technical Skills:

• Strong foundational knowledge of IT security principles and data privacy regulations, including concepts such as vulnerability management, access control, and incident response.
• Knowledge of network security, system administration, and modern security tools (e.g., SIEM, vulnerability scanners).

● Soft Skills:

• High degree of proactivity and ownership of tasks.
• A strong willingness to learn and adapt to new compliance and security challenges.
• The ability to effectively communicate the importance of compliance tasks and to push for assistance when needed, even with C-level staff.
• Excellent communication and interpersonal skills, with a focus on stakeholder management.
• Well-established written and verbal English communication is a must.
• Ability to work collaboratively with both technical and non-technical teams.
• Strong problem-solving and analytical abilities.