Chief Information Security Officer – Indonesia
Binance is a globally recognized blockchain organization known for operating the world's largest cryptocurrency exchange platform, serving millions of users across various countries. We are dedicated to ensuring industry-leading security, transparent user fund management, high-speed trading engine, deep liquidity, and an extensive range of digital asset services. Our offerings span trading, finance, education, research, payments, institutional solutions, Web3 functionality, and more. By harnessing the capabilities of digital assets and blockchain technology, we aim to create an inclusive financial ecosystem that promotes financial freedom and enhances financial inclusivity worldwide.
We are looking for a skilled Chief Information Security Officer (CISO) with a strategic mindset to oversee our cybersecurity, operational resilience, and regulatory compliance operations in Indonesia. This pivotal role involves ensuring compliance with Indonesian financial and data protection regulations, specifically focusing on cybersecurity requirements set forth by regulatory bodies such as OJK, Bappebti, the Personal Data Protection (PDP) Law, and Bank Indonesia, aligned with the overall security framework of Binance on a global scale.
The ideal candidate should possess substantial experience in cybersecurity governance, IT risk management, incident response, and a proven ability to align with both Indonesian and international regulatory frameworks. This position demands a hands-on approach to leadership that entails combining strategic vision with operational execution.
Responsibilities:
Strategic Leadership
- Develop and execute the cybersecurity and operational resilience strategy in Indonesia in line with local regulatory guidelines and global business objectives.
- Serve as the main advisor to executive management and the board on information security risks and regulatory compliance in Indonesia.
- Represent Binance in engagements with Indonesian regulators, including OJK, Bappebti, Bank Indonesia, and Kominfo, regarding cybersecurity, data protection, and operational resilience matters.
- Lead the implementation of cybersecurity programs following OJK Cyber Security Management regulations, Bappebti guidelines on crypto-asset regulations, and PDP Law requirements.
Regulatory Compliance
- Design and implement security frameworks and controls as required by OJK Cyber Security Management guidelines, Bappebti regulations, PDP Law, Bank Indonesia standards, and Kominfo regulations.
- Develop and maintain policies, procedures, and documentation to ensure ongoing compliance with Indonesian regulations and international standards.
- Ensure prompt regulatory reporting, breach notifications as per the PDP Law's requirements, and respond to regulatory inquiries and audits in a timely manner.
- Engage proactively with Indonesian regulatory bodies to stay updated on emerging cybersecurity requirements.
Risk & Incident Management
- Supervise risk assessments, security architecture reviews, and cyber risk reporting at the regional level.
- Establish and maintain incident detection and response capabilities to comply with Indonesian regulatory requirements, ensuring timely reporting and impact assessments.
- Coordinate responses to significant cyber incidents affecting Indonesian operations, including mandatory breach notifications to relevant regulatory bodies.
- Form and lead the Computer Security Incident Response Team (CSIRT) for Indonesian operations.
Third-Party & Supply Chain Risk
- Ensure third-party ICT service providers meet contract and regulatory standards, oversee cloud service providers, and assess concentration risks.
- Collaborate with procurement and legal teams to review contracts, conduct due diligence, and manage exit strategies in accordance with PDP Law requirements for data transfer and processor obligations.
- Manage third-party integrations risk to ensure alignment with security standards and service level agreements.
Cybersecurity Operations
- Provide guidance to the security operations function in Indonesia, covering vulnerability management, monitoring, and threat intelligence.
- Collaborate with global teams on Security Operations Centre (SOC), Security Governance, and IT to align threat detection and response capabilities.
- Conduct cyber threat and vulnerability management, including penetration tests in accordance with regulatory guidelines.
- Implement resilient practices to maintain high standards for Binance products.
Cybersecurity Governance
- Lead Security Risk Management activities involving all stakeholders following the Security Risk Framework.
- Ensure compliance with Security and IT Governance matters in Indonesia as required by regulatory bodies.
- Enhance security governance practices, including regulatory compliance and reporting to the board and committees.
- Work within the three lines of defense model to ensure the security of funds, data, and systems.
- Fulfill security obligations related to governance, regulatory compliance matters, and internal and external audits pertaining to Technology and Security.
- Manage IT security risk for new projects and engagements with third-party vendors.
Requirements:
- Fluent in English and Bahasa Indonesia, either currently based in Jakarta or willing to relocate.
- Previous experience in an approved person's role within a regulated financial institution in Indonesia is preferred.
- Demonstrated expertise in a global setting, emphasizing cybersecurity within a regulatory context.
- Combination of senior management experience and deep knowledge in cyber security is essential.
- Active contribution to the security community through publications or participation in international conferences.
- Minimum of 6 years in finance or related sectors focused on security and technology compliance in global organizations.
