Senior IT GRC & Data Privacy Analyst

At Amartha, we empower micro-businesses across Indonesia, enabling growth and equal prosperity. We've supported over 2.7 million entrepreneurs—mostly women—by disbursing IDR 22.8 trillion in funding. As we step into 2025, Amartha is evolving into a technology-driven financial ecosystem, expanding our reach in lending, funding, and payments. Through innovation and digital solutions, we aim to enhance accessibility, streamline processes, and create a seamless user experience.

About The Role

The Senior IT GRC and Data Privacy Analyst plays a crucial role in Amartha. You will be the warrior who will spearhead various IT GRC and Data Privacy programs to protect Amartha from internal and external threats, including monitoring and managing compliance with ISO 27001, POJK, PSrE, PDP, and other applicable regulations.

Responsibilities

GRC Framework Development and Maintenance:

• Develop, implement, and maintain a comprehensive GRC framework that aligns with industry best practices and regulatory requirements.
• Conduct regular risk assessments to identify potential threats and vulnerabilities.
• Develop and implement risk mitigation strategies and action plans.
• Monitor and report on compliance with internal policies and external regulations.

Data Privacy Compliance:

• Ensure compliance with applicable data privacy regulations and data protection laws.
• Conduct data privacy impact assessments (DPIAs) for new projects or initiatives.
• Develop and implement data privacy policies and procedures.
• Manage data breaches and incidents, including notification processes and remediation activities.

Vendor Management:

• Assess the security and privacy practices of third-party vendors and suppliers.
• Negotiate and manage vendor contracts to ensure compliance with security and privacy requirements.

Regulatory Compliance:

• Stay up-to-date with evolving regulatory requirements and industry best practices.
• Provide guidance and support to the organization in meeting compliance obligations.

Identity and Access Management (IAM):

• Develop and maintain IAM policies, standards, and procedures.
• Implement and manage IAM systems and tools (e.g., identity provisioning, access control, single sign-on).
• Ensure the effective administration of user accounts and privileges.
• Conduct regular IAM audits and reviews to identify and address security gaps.
• Manage access certifications and segregation of duties controls.

• 5+ years of related job experience
• Strong analytical and interpersonal skills
• Excellent communication both in written and spoken (English)
• Ability to express information clearly at different organizational levels
• Strong understanding of industry standards such as ISO 27001, NIST Cybersecurity Framework, GDPR, UU PDP
• Experience in the financial services industry (esp. Microfinance, Payments, etc)
• Having relevant certification are preferable (e.g.  CRISC, CIPP, etc)
• Experience with IAM technologies and frameworks (e.g., Active Directory, LDAP, OAuth, SAML)