IT Security and Risk Manager

Company Description

KMK is a leading footwear manufacturer renowned for its proven record of product excellence and drive for innovation. With more than 30 years of manufacturing experience, KMK has served the needs of Top footwear brands such as Nike, Converse, etc.

PT. Selalu Cinta Indonesia is located at Salatiga, Central Java as a family of KMK Group.

Role Description

As an IT Security and Risk Manager within the Digitalization Division, you will be responsible for establishing, enforcing, and continuously improving security and risk governance across KMK's digital systems, processes, and users. This role focuses on ensuring that security policies, risk controls, and compliance mechanisms are clearly defined, consistently applied, and actively monitored across the organization

You will work closely with Digitalization teams and key business functions, including Finance, Procurement, Legal, and senior management to manage digital and technology-related risks, strengthen internal controls, and embed security and risk awareness into day-to-day operations. This role serves as the central point of accountability for security policy, risk assessment, monitoring, and incident management within the Digitalization scope

Key Responsibilities

1. IT Security & Risk Governance

2. Define, maintain, and continuously improve KMK's IT security and risk management framework, policies, and standards

3. Establish governance for system usage, access management, account ownership, and software licensing
4. Translate security and risk policies into practical, enforceable procedures across business units and manufacturing sites
5. Act as the primary point of accountability for IT security and risk matters within the organization

2.Risk Management, Compliance, and Controls

• Identify, assess, and monitor IT security and operational risks, including access control weaknesses, policy non-compliance, data protection risks, and system misuse
• Develop and maintain an IT security and risk register, including mitigation actions, ownership, and tracking
• Support internal and external audits related to IT security, risk, and compliance
• Collaborate with Finance, Legal, Procurement, and Internal Audit on matters with financial, regulatory, or reputational impact

3.Security Monitoring and Incident Management

• Establish monitoring mechanisms for system access, account usage, and compliance with security policies
• Investigate security incidents and policy violations, coordinating corrective and preventive actions
• Define and maintain incident response procedures, including escalation, documentation, and root-cause analysis
• Ensure findings from incidents are translated into strengthened controls and improved governance

4.Identity, Access, and License Governance

• Govern user access management across systems, ensuring appropriate authorization, segregation of duties, and periodic access reviews
• Enforce the use of corporate-owned accounts for systems, tools, and software licenses
• Oversee software license governance, including ownership clarity, compliance, renewals, and vendor coordination
• Partner with programmer and Digital COE teams to ensure security and risk considerations are embedded in solution design

5.Stakeholder Engagement and Awareness

• Work closely with business leaders and functional teams to embed security and risk controls into operational processes
• Lead security awareness and policy socialization initiatives to improve compliance and risk understanding
• Provide structured reporting to management on security posture, key risks, incidents, and improvement progress

Support a culture of accountability, balancing enforcement with business practicality

Requirements

Education

• Bachelor's degree in Information Technology, Information Security, Computer Science, or a related discipline

Professional Experience /
Qualifications

• A minimum of 5 years of experience in security governance, technology risk management, or related roles
• Professional certifications such as CISM, CISSP, ISO 27001, or equivalent are preferred
• Proven experience implementing and enforcing security and risk controls in a digital or enterprise environment
• Experience handling incidents, access violations, or compliance breaches
• Manufacturing or large enterprise experience is a plus

Skills

• Strong understanding of security governance, risk management, and compliance in digital environments
• Practical knowledge of access management, policy enforcement, and software license governance
• Ability to translate policies into operational controls and drive adoption
• Strong analytical and investigative skills
• Clear and confident communication skills, including with senior stakeholders
• Professional English communication skills