See all the jobs at Mekari (PT. Mid Solusi Nusantara) here:
Technology | Full-time | Partially remote
Mekari is Indonesia's no. 1 Software-as-a-Service (SaaS) company. With our ecosystem of software solutions, including Mekari Jurnal, Mekari Talenta, Mekari Qontak, and Mekari Flex, we aim to facilitate entrepreneurs and leaders as they accelerate the digital transformation of their businesses.
In our journey of 10+ years, we have reached over 1 million platform users, and we're not planning to stop any time soon. We need more people like you: builders and owners with calculated ambition who are ready to #ElevateThroughImpact and raise Indonesia's software standard.
Job Description:
This is a senior individual contributor role for someone who believes governance and compliance should run on systems, not spreadsheets. You will own Mekari's security governance and compliance program end to end, act as the company's subject matter expert on AI governance, and rethink how the work itself gets done by embedding AI and automation into every part of the program. You work independently, set your own direction, and are measured by impact rather than team size.
What you will do:
- Own and run the GRC program: risk assessments, IT policies, control framework, and compliance performance measurement across SaaS and regulated financial services products, built on a unified control set so one piece of evidence serves many frameworks.
- Lead all certification and regulatory audits and assessments (ISO 27001, ISO 27701, PJP, DJP) as well as customer and partner audits end to end and independently, and ensure ongoing compliance with UU PDP, while rethinking audit readiness through AI-assisted evidence preparation, control gap analysis, and documentation, so audit cycles get faster every round instead of repeating the same manual grind.
- Reinvent third-party security due diligence and the company-wide security awareness program with AI at the core: automated vendor risk analysis and questionnaire processing, and adaptive awareness campaigns such as AI-driven phishing simulations that reflect real attacker techniques.
- Act as the SME for AI governance: build and own the AI governance framework, assess AI use cases and vendors, and ensure AI adoption complies with UU PDP and AI standards (ISO/IEC 42001, NIST AI RMF).
- Build and operate the GRC platform: automated evidence collection, continuous control monitoring, and AI-assisted compliance workflows that turn point-in-time compliance into continuous assurance.
- Report to the leadership on compliance posture, AI governance status, and the measurable efficiency gains your automation delivers.
Requirements:
- Bachelor's degree and 5+ years of hands-on GRC experience, including ISO 27001 certification programs and OJK, BI, or DJP compliance; ISO 27701 exposure is a strong plus.
- At least 1 year building or running an AI governance program, demonstrated through AI governance frameworks, AI/LLM adoption policies, AI vendor risk assessments, or alignment with ISO/IEC 42001 or NIST AI RMF.
- Deep knowledge of UU PDP and Indonesian financial regulations (PBI, POJK), with direct experience facing regulators and auditors.
- Ability to build automation: scripting, APIs, or AI-assisted tooling to streamline compliance work. This is a must, not a nice-to-have.
- Strong stakeholder management with the ability to influence leadership without formal authority.
