IT Grc Specialist

Alodokter is the #1 digital health company in Indonesia. Launched in 2014, Alodokter brings high-quality medical services to its 27+ million Monthly Active Users by providing an integrated mobile solution for patients and doctors.

We empower patients and doctors with better knowledge to help them take better decisions:

- More than 550K monthly teleconsultations between doctors & patients with 800+ doctors in our mobile app
- Largest online booking of doctors and hospitals platform in Indonesia
- Most complete medical content database for patients and doctors in Indonesia

We believe that medical knowledge can help people take better decision for their personal and family health.

Here at Alodokter, we are dedicated to help Indonesian finding the finest health services. We hire people who are passionate, engaging and genuinely dedicated to help others. We train our team to be knowledgeable and highly skilled and reward the value they bring to Alodokter.
Implement and maintain the ISMS Program to ensure information security governance and compliance for Alodokter. This includes creating new or leading the maintenance of existing security, security, and privacy policies, procedures, standards, and specifications to ensure they are updated and aligned with applicable laws, regulations, and the evolution of security risks.

Collaborate with other relevant departments to ensure alignment and compliance of policies, standards, and specifications across the company. This includes managing the information security exception process of assessing, tracking, following up, and providing alternative mitigation action items.

Implement and maintain incident response processes for the company. This includes providing root cause analysis and timely resolution following applicable laws and regulations.

Implement and maintain information security risk management processes. This includes information security risk assessments across departments, systems, services, and third parties. Lead and track the progress of the information security risk management plan and ensure that all updates are documented in the risk register.

Engages with third parties to conduct various information security assessments and information security audits as needed.

Carry out information system compliance audits following applicable regulations and laws.

Perform other duties as assigned by the company from time to time.

**Status**: Permanent employee

**Currently we are hybrid working**: 3 days WFO and 2 days WFH
Bachelor’s degree or higher in IT, Engineering, or related majors.

2 years of experience in IT security or information security related field, preferably in Governance, Risk, and Compliance related experience.

Preferably experienced in working with IT or information security frameworks such as ISO 27001, NIST CSF, CIS CSC, GDPR, HIPAA and PCI DSS.

Preferably experienced in executing and managing ISMS (Information Security Management System).

Excellent written, presentation and verbal communication skills.

Proven experience with risk management, multiple project management, policy development and third party risk assessment is a plus.

Human relations skills to interface with employees at all levels within the organization to manage risk in concert with the business needs that drive the company forward.

Professional attitude and collaborative towards internal and external parties, particularly in collaborating with technical IT professionals to accomplish project objectives.

Constantly stay updated in the industry and competitive environment, new technologies, and new products/services.