Grc Officer

Jakarta, Jakarta

Work Type: Full Time
- perform security assessment and report any gap and associated risks identified during vendor onboarding or software acquisition initiative
- Internally assess, evaluate and make recommendations regarding the adequacy of the security controls for corporate and developed products against regulatory requirements
- Support information security compliance programs and ensure IT activities meet the defined policies and procedures
- Work with cross-functional team to conduct assessments and perform process improvement
- Develop well-written and comprehensive documentation of processes and procedures
- Review and proofread existing documentations to ensure correctness and proper documentation maintenance. Initiate the documentation changes when required.
- Maintain security policies, standards, procedures, and guideline documents by proactively working with cross-functional teams.
- Respond to risk questionnaires from clients

**Requirements**:

- Bachelor's degree in Information Technology/Computer Science/Information Systems, or a related field. Have 1-2 years of experience in the information security related department
- Understanding of applicable information security management frameworks, governance and compliance principles, practices, laws, rules and regulations relating to technology (e.g., ISO 27001, ISO 27701, ITGC, PDPA, GDPR etc.)
- Have experience in developing and/or implementing enterprise governance, risk and compliance strategy and solutions, or managing security projects
- Have experience in performing risk assessments or internal audits
- Have good knowledge of information technology system and processes, network infrastructure, and data processing
- Familiar with risk management methodology, compliance monitoring, software development lifecycle, and public key infrastructure
- Have experience in document management and familiar with technical illustrations, data flow, and sequence diagrams
- Ability to develop and establish security standards and guidelines document based on best practices and industry standards.
- Ability to translate complex information into a simple, polished, and engaging content based on understanding of products and services

**ABOUT VIDA**

**What are we trying to solve?**
- We have 7.5 billion people on Earth, of which over 1 billion cannot securely prove their identity right now.
- Every year, 140 million babies are born, of which 40 million go unregistered.
- Simply put, these people are deprived of social benefits, such as education and health, their civil rights to vote and travel; and are excluded from the economy because they cannot sign up for bank accounts, loans, welfare programs, etc. We believe this is unacceptable and needs to change.

At VIDA, We are creating a frictionless digital identity system. One that fulfills the needs and expectations of our times, and is available anywhere, for everyone.

**Why are we solving this problem?**
- The United Nations (UN) and World Bank ID4D initiatives aim to provide everyone on the planet with a legal identity by 2030. This deadline is just 9 years away, we are expecting a digital identity to be a legal human right by then and we at VIDA want to be pioneers in leading this change.

**Who are we?**
- We are a highly driven bunch of people to solve this problem for our own reasons. Whether it is to solve for misleading doctors, or because we didn’t get access to fair ration due to corruption - Our collective goal aligns.

**Other things that we care about**:

- Our mission is to enable trust, so what we do is pretty serious stuff - we work hard and we have audacious goals. We balance it through humor and making sure we have fun at work. We take our work seriously, but we don’t take ourselves too seriously.
- We are a startup so at times we will do things that are outside our scope. We do it to learn but we also do it because it takes a village.
- We believe feedback is a gift and should be given freely, constructively, and in a respectful manner.
- We are accountable to many stakeholders, but first and foremost, we are accountable to our mission and each other