IT GRC Manager - Consumer Lending

About the Role

The IT GRC Manager will spearhead the development and implementation of a robust governance, risk, and compliance framework, specifically tailored to our financial products, lending, and identity services.

Tasked with bridging the gap between policy and practice, the Manager will monitor the execution of internal controls and evaluate their efficacy in meeting strategic objectives.

A primary focus involves driving the organization toward ISO 27001 and ISO 27701 certifications while ensuring continuous readiness for regulatory audits.

Within the first six months, the successful candidate will be expected to fortify the company’s risk posture and influence critical IT policy reforms, ultimately enhancing organizational resilience against an evolving cyber threat landscape.

What You Will Do:
• Coordinating with the compliance team to ensure that every initiative, development, and collaboration complies with the standards and regulations (internal and external);
• Conduct routine evaluation of policies and procedures implementation and ensure best practice risk mitigation and assessment functions are maintained to comply with the company's strategy;
• Act as a Subject Matter Expert to the stakeholders and provide relevant & applicable consultation for addressing the IT GRC requirement in lending & identity product & services;
• Ensure effective governance, risk management, and compliance across the organization.
• Develop and maintain compliance, governance, and risk-related IT and business process flow;
• Coordinate with related IT work units to follow up on data requests and internal audit findings, external audits, and regulators;
• Develop the process and conduct the activities to safeguard or archive every IT development document regularly;
• Implementing a good governance organization using ISO27001, ISO 27701, and other relevant Technology & Security best practices.

What You Will Need:
• Proven track record of successfully leading and achieving certifications such as ISO 27001 and ISO 27701;
• Excellent stakeholder management skills, with the ability to communicate and influence at all levels of the organization;
• Demonstrated ability to deliver results with limited resources and minimal supervision;
• Minimum of 5 years of experience in IT governance, risk management, and compliance;
• Extensive experience in managing and navigating regulatory audits and ensuring compliance with industry standards;
• Strong leadership skills with the ability to effectively lead a small team and foster a collaborative work environment;
• Having excellent experience with ISO 27001 and ITIL. COBIT and PCI-DSS standards;
• One or more of the following or equivalent certifications are preferred: CISA, CISM, CRISC, ITIL, COBIT, ISO 27001, and LA is preferred.

About the Team

The GTF IT GRC team consists of dedicated specialists who act as the supporting system of our technical operations for our lending and identity services. You will find a culture that values mentorship, clear communication, and collective problem-solving. We believe that GRC is most effective when it’s collaborative, not just corrective.

In this team, you will work closely across several key pillars of the organization:

• Engineering & Tech: You’ll partner with our engineers to ensure that security controls are "baked in" to our lending and identity platforms from day one.
• Legal & Regulatory: You’ll work alongside our compliance experts to translate complex financial laws into clear, actionable IT policies.
• People & Partner Teams: You’ll collaborate to foster a company-wide culture of security, ensuring that every employee and third-party partner understands their role in protecting our ecosystem.

About GoTo Group
GoTo is the largest digital ecosystem in Indonesia. GoTo's mission is to 'empower progress' by offering technology infrastructure and solutions that help everyone to access and thrive in the digital economy.
The GoTo ecosystem provides a wide range of services, including mobility, delivery, payments, financial services, and technology solutions for merchants. The ecosystem also provides e-commerce services through Tokopedia and banking services through its partnership with Bank Jago.

About Gojek
Gojek is Southeast Asia’s leading on-demand platform and pioneer of the multi-service ecosystem with over 2.5 million driver partners across the regions offering a wide range of services such as transportation, food delivery, logistics and more. With its mission to create impact at scale, Gojek is committed to resolving consumer problems and raising standards of living by connecting consumers to the best providers of goods and services in the market.

About GoTo Financial
GoTo Financial accelerates financial inclusion through its leading financial services and merchants solutions. Its consumer services include GoPay and GoPayLater and serve businesses of all sizes through Midtrans, Moka, GoBiz Plus, GoBiz, and Selly. With its trusted and inclusive ecosystem of products, GoTo Financial is open to new growth opportunities and aims to empower everyone to Make It Happen, Make It Together, Make It Last.

GoTo and its business units, including Gojek and GoToFinancial ("GoTo") only post job opportunities on our official channels on our respective company websites and on LinkedIn. GoTo is not liable for any job postings or job offers that did not originate from us. You should conduct your own due diligence to prevent being victims of any fake job scams, if they did not originate from GoTo's official recruitment channels.

#LI-ONSITE