Deskripsi Pekerjaan

Ensures that the risk to the DOKU’s information posted by a variety of cyber threats (cyber-attacks; theft or corruption from within; etc.) is minimized. When cyber-attacks occur or data are stolen or compromised, these incidents are dealt with promptly and effectively and the chance of that particular type of incident recurring is minimized.

Main Responsibility:

  • Implement and administer system and procedures to ensure the protection of information processed, stored and transmitted
  • Ensure business relationships involving third parties, outsourcing and consultants meet DOKU’s Information protection requirements
  • Ensure that all highly sensitive & restricted information is identified as required by the policy & all applicable standards are followed
  • Resolve moderately complex issues regarding information systems security, including access control administration and violation analysis.
  • Assist in identifying security risks and exposures, including security violations by participating in security reviews, evaluations and risk assessments.
  • Collect and compile historical data on system access and generates reports and analyses
  • Record and respond to security incidents
  • Vulnerabilities scanning with security tools that are credible.
  • Device control & Software control administration
  • Monitor compliance to Security Standards (PCI, ISO 27001, CyberSecFramework) and conduct regular reviews
  • Information Security Awareness training
  • Maintain strong effective partnership with component teams as well as subject matter experts
  • Maintain a positive attitude and professionalism while dealing with difficult partners


  • A bachelor’s degree in information technology or computer science is required
  •  3-5 years of relevant experience would be attractive within the IT Security or banking field
  •  System and Technology experience in multi-national company preferable
  • IT Security and risk management experience
  • Knowledge of, and experience with Networking Protocol, Cyber Security incident types such as a denial of service attacks, malicious software infections, active intrusion techniques, and misappropriate use scenarios would be advantages
  • Strong analytical, written communication, interpersonal, and presentation skills
  • Certified in information security (CISSP, CSSLP, CCFP, CISM, etc.) or comparable work experience will be given preference. Risk analysis/assessment experience a plus.
  • Strong understanding and demonstrated experience using IT control methodologies and standards
  • Demonstrate knowledge in one or more critical areas of technology including operating systems, data centers, and network technologies (routers, switches, firewalls)
  • Experience with Microsoft Windows Server/Unix server required. Microsoft Project experience preferred.