Internal IT Audit Officer

We are seeking candidates who not only have strong IT audit capabilities but also a deep interest and skill in IT Security and Cybersecurity, including:

1. IT Audit, IT Process, IT Security, Cybersecurity Framework:
2. Strong understanding of IT audit principles, including fieldwork, sampling, and risk-based audit.
3. Familiarity with information and cyber security standards such as ISO 27001, NIST Cybersecurity Framework, or similar.
4. Understanding of System Development Life Cycle (SDLC) and Project Management methodologies (e.g., PMI, Agile/Scrum, Prince2).
5. Knowledge of IT governance frameworks like COBIT and their application to risk and control environments.
6. IT & Cybersecurity Audit:
7. Ability to apply IT audit and cybersecurity knowledge in evaluating internal controls, identifying security gaps, and recommending risk mitigation strategies aligned with frameworks such as ISO 27001, NIST CSF, or COBIT.
8. Comfortable working collaboratively with external parties, including regulators (e.g., OJK), external auditors, and third-party consultants during security reviews, audits, and control evaluations, as well as monitoring and facilitating timely follow-up on agreed corrective actions.
9. Technical Tools:
10. Interest or basic experience in using data analytics, scripting (e.g., Excel, SQL, Python), and modern technologies such as AI to support audit automation, big data analysis, and risk identification. Familiarity with tools like Power BI, Tableau, or AI-based solutions is a plus, but not mandatory.
11. Familiarity or exposure to cybersecurity tools such as SIEM, vulnerability scanners, and penetration testing frameworks, particularly in the context of IT audit or control evaluation. Enthusiasm to deepen skills in this area is highly valued.

Specific Criteria:

• Bachelors degree (S1), preferably in Computer Science, Information Systems, or Accounting with a focus on IT/SIS.
• Minimum 2 years of relevant experience in IT Audit, IT Risk, IT Governance, or related IT fields.
• Experience in IT Security and/or Cybersecurity-related roles (either standalone or embedded within audit responsibilities) is highly desirable.
• Holding professional certifications (e.g., CISA, CISM, CRISC, CISSP, ISO 27001 LA/LI) or having attended formal trainings in IT Audit, Information Security, or GRC is a strong advantage.
• Demonstrated passion and initiative in cybersecurity, such as participation in ethical hacking communities, cybersecurity blogs/research, or self-initiated security testing projects, is a plus.

General Requirements:

1. Graduated from a reputable university with min. GPA 3.00
2. Have good communication skills (Indonesia & English), both verbally and in writing
3. Computer literate (Microsoft Office)
4. Having knowledge related to Capital Market will be an advantage
5. Live with our core values Teamwork, Integrity, Professionalism and Service Excellence

Information :

• Company : Indonesia Stock Exchange
• Position : Internal IT Audit Officer
• Location : Jakarta Selatan
• Country : ID