Chief Information Security Officer (CISO)

Jakarta, Indonesia | Operation | Full-time | Partially remote


Mekari is Indonesia's no. 1 Software-as-a-Service (SaaS) company. With our ecosystem of software solutions, including Mekari Jurnal, Mekari Talenta, Mekari Qontak, and Mekari Flex, we aim to support entrepreneurs and leaders as they accelerate the digital transformation of their businesses.

In our journey of 10+ years, we have reached over 1 million platform users, and we're not planning to stop any time soon. We need more people like you: builders and owners with calculated ambition who are eager to grow and create their #BiggestImpact.

Job Description:
We are seeking a highly skilled and experienced Chief Information Security Officer (CISO) to lead our cybersecurity efforts and ensure the protection of our information systems. The ideal candidate will have a robust background in cybersecurity management, especially in cybersecurity practice and regulation in both private and public companies.

Key Responsibilities:
  • Develop and implement a comprehensive cybersecurity strategy aligned with business objectives.
  • Oversee the organization’s information security policies and procedures.
  • Manage and lead the cybersecurity team, ensuring effective implementation and monitoring of security controls.
  • Align with the heads of engineering, operations, support, legal & compliance, HR, and sales.
  • Ensure compliance with cybersecurity and privacy regulations, both for private and public entities.
  • Collaborate with executive management to integrate cybersecurity practices into business operations.
  • Evaluate and address potential security risks related to enterprise, network, and cloud environments.
  • Communicate security-related concepts to stakeholders at all levels, ensuring clear understanding and compliance.

Areas of Responsibility:
  • Security of SaaS products such as HR, CRM, communication, document management, accounting and tax, financial management.
  • Security of services such as system integration service and financial services.
  • Enterprise operations of multiple software and financial companies including companies regulated by government agencies (such as BI).

Qualifications:
  • Bachelor’s degree in Computer Science, Information Technology, or a related field. Postgraduate degree is advantageous.
  • CISSP (Certified Information Systems Security Professional) and CISM (Certified Information Security Manager) certifications are required.
  • 5-10 years of experience in a managerial position within cybersecurity.
  • At least 10 years of experience in cybersecurity roles, with expertise in enterprise security, network security, cloud security, and GRC.
  • Minimum of 5 years of experience in a software company or fintech environment.
  • Excellent command of English and superior communication skills.
  • Proven strategic planning abilities and experience in implementing privacy controls.

Skills:
  • Application Security: Experience in securing software development processes (DevSecOps), including secure coding practices, application vulnerability management, and software security architecture.
  • Incident Response and Management: Skills in managing security incidents, breaches, and forensic analysis, so that security incidents are handled and mitigated effectively.
  • Security Architecture: Expertise in designing and implementing robust security architectures, including zero trust, micro-segmentation, and network segmentation strategies.
  • Identity and Access Management (IAM): Skills in managing identity and access management frameworks, such as SSO, MFA, and privileged access management (PAM).
  • Threat Intelligence and Monitoring: Experience with threat intelligence, security monitoring, and SIEM (Security Information and Event Management) tools for proactive threat detection and response.
  • Data Security: Experience with data protection technologies, including encryption, data loss prevention (DLP), and data classification frameworks.
  • Cloud Security: Knowledge of specific platforms (AWS, Azure, GCP) and cloud-native security tools (e.g., AWS GuardDuty, Azure Security Center) is beneficial.
  • Security Frameworks and Standards: Knowledge of security frameworks such as NIST, ISO 27001, or CIS Controls, which are essential for aligning security strategies with recognized standards.

Our team will review your application and will be in touch if your application is shortlisted for the next stage. If you do not hear from us in 30 days, we will keep your resume on file in case a relevant opportunity opens up.

Don't forget to check our Recruitment FAQ at bit.ly/RecruitmentFAQ-Mekari [ENG] or bit.ly/RekrutmenMekari-FAQ [INA] to find answers to commonly asked questions about our recruitment process.

We wish you the best. Hope to see you around soon!