Remotery

Chief Information Security Officer

Posted 1 day ago

This is a fully remote position, open to applicants in Indonesia.

📋 Description

• Define and implement the cybersecurity and operational resilience strategy for Indonesia, ensuring alignment with local regulatory requirements and global Binance business goals.

• Serve as the main advisor to executive leadership and the board regarding information security risks and regulatory responsibilities in Indonesia.

• Represent Binance in discussions with Indonesian regulators, including OJK, Bappebti, Bank Indonesia, and the Ministry of Communication and Information Technology (Kominfo), on matters related to cybersecurity, data protection, and operational resilience.

• Lead the execution of cybersecurity initiatives in accordance with OJK Regulation on Cyber Security Management (POJK on Cyber Security), Bappebti crypto-asset regulations, and requirements of the PDP Law.

• Guide the creation and application of security frameworks and controls that align with OJK Cyber Security Management regulations and governance guidelines.

• Develop and maintain policies, procedures, and documentation to ensure continual compliance with Indonesian regulations and international standards.

• Ensure timely regulatory reporting, breach notifications (including the PDP Law's 72-hour notification requirement), and responses to regulatory inquiries and audits.

• Collaborate with Indonesian regulatory authorities to maintain proactive engagement on emerging cybersecurity requirements.

• Oversee risk assessments, security architecture evaluations, and cyber risk reporting at the regional level.

• Establish and maintain incident detection and response capabilities in compliance with Indonesian regulatory requirements, ensuring adherence to reporting timelines and impact assessments.

• Coordinate the response to significant cyber incidents impacting Indonesian operations, including mandatory breach notifications to OJK/Bappebti/Kominfo as required.

• Establish and lead the Computer Security Incident Response Team (CSIRT) for operations in Indonesia.

• Ensure that third-party ICT service providers comply with contractual and regulatory standards, including oversight of cloud service providers and concentration risk assessments.

• Partner with procurement and legal teams to review contracts, conduct due diligence, and manage exit strategies in accordance with PDP Law data transfer and processor obligations.

• Manage risks associated with third-party integrations to ensure compliance with security standards and service level agreements (SLAs).

• Guide the security operations function in Indonesia, focusing on vulnerability management, monitoring, and threat intelligence.

• Collaborate with global SOC, Security Governance, and IT teams to align threat detection and response capabilities.

• Drive cyber threat and vulnerability management as well as penetration tests in accordance with the regulatory framework.

• Implement robust resilience best practices to ensure Binance's products maintain a leading standard.

• Lead Security Risk Management efforts in collaboration with all stakeholders as per the Security Risk Framework.

• Accountable to the regulatory authority for all matters related to Security and IT Governance in Indonesia.

• Maintain and enhance security governance practices, including reporting to regulatory bodies, the board, and committees.

• Participate in the three lines of defense model to ensure the security of funds, data, and systems.

• Ensure all security obligations related to governance, regulatory, and compliance matters are met.

• Support the execution of internal and external audits pertaining to Technology and Security.

• Manage IT security risks for new projects and/or any integration with third-party vendors.

• Lead the local security team while contributing to the continuous improvement of the global department.

• Manage security incidents, including timely reporting to senior management and relevant teams.

• Facilitate ongoing alignment with regulatory compliance obligations and international standards.


⛳️ Requirements

• Proficiency in English and Bahasa Indonesia; currently residing in Jakarta or open to relocation.

• Experience in an approved person's role within a regulated financial institution in Indonesia (preferred).

• Proven track record of international company experience and cybersecurity in a regulatory context.

• A blend of senior management and extensive cybersecurity expertise is essential.

• Contributor to the security community, whether through published works or participation in international conferences.

• Substantial experience in a global team within a dynamic multicultural environment.

• Over 6 years of experience in finance or a related area, concentrating on security and technology compliance in a global organization.

• Comprehensive knowledge of Indonesian financial and data protection regulations, including OJK cybersecurity regulations, Bappebti rules, PDP Law (UU PDP), and Kominfo PSE regulations.

• Proven success in leading cross-functional cybersecurity teams across various jurisdictions.

• Experience in managing ICT risk, cyber incidents, third-party vendors, and penetration testing in line with regulatory standards.

• Deep understanding of Indonesian cybersecurity regulations and operational resilience principles.

• Bachelor's degree or higher in information technology, cybersecurity, or a related discipline.

• Demonstrated self-motivated leadership and exceptional communication and listening abilities.

• Proven management of cybersecurity operations with practical implementation skills.

• Delivery of best practices for international data privacy and information security frameworks.

• Familiarity with NIST Cybersecurity & Privacy Framework, ISO 27001/ISO 27701, CIS, and PCI-DSS.

• Must strive for excellence by default and exhibit a passion for collaboration and team success.

• Proven experience in delivering effective business and technical security solutions.

• A strong interest in the latest cybersecurity trends and emerging threats is essential.

• Experience engaging directly with a regulatory body (OJK, Bappebti, Bank Indonesia, or Kominfo) and implementing their recommendations is mandatory.

• Relevant certifications are a plus: CISSP, CISM, CEH, CIPP, CIPM, FIM, ISO 27701, ISO 27001 Lead Auditor, and/or from ISC2, ISACA, GIAC, CREST.


🏝️ Benefits

• Competitive salary and company benefits

• Work-from-home arrangement (the arrangement may vary depending on the work nature of the business team)

People also viewed

Infovista5 hours ago

Chief Information Officer

GB flagUnited Kingdom OnlyFull-timeChief Technology Officer (CTO)
ApplyView job
Magna55 hours ago

Chief Information Security Officer – Virtual

Anywhere in the WorldFull-timeChief Technology Officer (CTO)
ApplyView job
Owens & Minor1 day ago

Account Executive, Innovations & Technology

US flagConnecticut, +4 more statesFull-timeChief Technology Officer (CTO)$90k – $105k/year
ApplyView job
CROWDCONSULTANTS1 day ago

Chief Product & Technology Officer

DE flagGermany OnlyFull-timeChief Technology Officer (CTO)
ApplyView job
Urrly1 day ago

VP Engineering, CTO Track – Healthcare SaaS

US flagFlorida OnlyFull-timeChief Technology Officer (CTO)$200k – $250k/year
ApplyView job
Startup Wise Guys1 day ago

CTO – Co-Founder

US flagUnited States OnlyFreelanceChief Technology Officer (CTO)
ApplyView job

Never miss a great job!

Get handpicked remote jobs straight to your inbox weekly.

Trusted by 7,400+ designers