Business Security Manager - Indonesia at AirAsia

Tangerang, Banten, Indonesia -

Full Time

Start Date

Immediate

Expiry Date

17 Jul, 26

Salary

0.0

Posted On

18 Apr, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Information security governance, Risk management, Compliance, Project management, Change management, ISO 27001, PCI DSS, Cybersecurity strategy, Stakeholder management, Incident management, Business continuity, Disaster recovery, Data protection, Vulnerability management, Analytical skills, Communication skills

Industry

Airlines and Aviation

Description

Job Description As a Business Security Manager at Indonesia AirAsia, you will report directly to the Group CISO to provide advice, consultation, and awareness of the Group Information Security requirements to technical teams and other employees, and ensure their implementation. You will be responsible for ensuring internal systems and processes in Indonesia are compliant with information security standards (e.g, ISO 27001, PCI DSS, CIS, NIST CSF, etc); monitoring, managing, and closing information security compliance issues. Other responsibilities include identification, evaluation, and interpretation of standards, regulatory, statutory, and member security requirements, control deficiencies, and information security risks. You are the primary point of contact during information security incidents and are responsible for managing the incident. WHAT YOU’LL CHAMPION: Stakeholder Collaboration and Management Acts as the primary cybersecurity leader across the business for Indonesia, aligning enterprise cybersecurity strategy and roadmap with business objectives. Drive and prioritise implementation and integration/adoption of security capabilities within the BU, including embedding security into business digital projects and operations. Ensure the business-specific threat landscape, risks, and regulatory drivers are clearly articulated to the CISO teams and validate cyber architecture decisions that meet the business’s operational and compliance needs. Provide Strategic Threat Briefings to Business Leadership. Cyber Governance Risk Compliance(In-Country) Operationalise Cyber Security Risk Management capabilities such as Business Impact Assessment of the Business unit’s digital portfolio of services and applications to identify Crown jewels to be protected in line with Risk appetite. Deployment of relevant cybersecurity controls, including required local regulatory compliance, to ensure digital solutions, both applications and services, are developed with a secure-by-design principle. Drives Cyber Risk acceptance, risk mitigation, finding management processes, and risk reporting consistently to ensure Cyber Risks are managed and residual risks understood by the leadership. Represent cybersecurity in external audits, customer security reviews, and regulatory submissions. Actively involved and drive preparations in Business Continuity and Disaster Recovery drills for critical business processes and crown jewels. Work with the in-country Data Protection Officer(s) of AirAsia Aviation on data security requirements. Cyber Defence (In-Country) Work with Enterprise Cyber Defence to ensure business assets (e.g., endpoints, network devices, applications, business users, etc.)are updated for purposes of security monitoring and vulnerability management Coordinate business communication, impact analysis, business post-incident review, and remediation with the business teams and in compliance with local regulations Change Management Champion Cyber Security Change program activities to drive awareness, behaviours among the business unit, and increase the Cyber Resilience Drive implementation and integration/adoption of security capabilities and change management to ensure business alignment and effectiveness. Business-level security KPIs/KRIs (e.g., patch compliance, phishing click rates, third-party risk ratings) dashboards, reports to business leaders, and the enterprise CISO. WHO YOU ARE: Bachelor's Degree in Information Technology, or Business with IT, Computer Science, or equivalent Minimum 8-10 years of experience in managing Information Security Governance, Risk Management, and Compliance, Projects/Change Management or related fields Relevant industry certification is an advantage (ISO 27001, CISA, CISSP, CGEIT, etc.) Working knowledge of common IT/information security-related regulations or standards, especially ISO 27001 and PCI-DSS Working knowledge of local information and cybersecurity-related regulations and requirements is a huge advantage Ability to develop, review, and maintain documentation in a timely manner Strong communication (spoken and written), interpersonal, and conflict resolution skills. The ability to establish and maintain rapport with stakeholders is highly desired. Strong analytical and critical thinking skills Result-oriented, high level of attention to detail, self-starter and motivator, ability to multitask and adjust to shifting priorities. WHERE YOU’LL GO: Dispatcher to captain, ramp agent to data analyst, brand executive to CEO - these are some Dare To Dream stories of our Allstars. Based on your performance and contribution in this role, you’ll grow into becoming a Sr Business Security Leader / Regional Cyber Security Manager. In this role, you’ll drive cybersecurity strategy across multiple markets, influence enterprise-level security decisions, and shape the future of cyber resilience within Capital A. WHAT YOU’LL ENJOY: - Physical Wellbeing: Key medical and insurance benefits, maternity expenses, flexible work arrangements, and health and fitness amenities. - Emotional Wellbeing: Paid time off, wellness programmes, and childcare amenities. - Financial Wellbeing: Resources relating to financial, personal skills and career growth programmes. - Allstars Specials: Free flights, unlimited discounted flights, and exclusive discounts with partners. - A unique Allstar culture like no other OUR HIRING PROCESS: - Application received - Candidate screening - Interview(s) and assessment(s) - Background check and/or other assessments - Offer and negotiation GET TO KNOW AirAsia Indonesia: Indonesia AirAsia is part of AirAsia, the world’s leading low-cost airline, committed to making travel affordable and accessible while leveraging technology and data to deliver safe, secure, and seamless experiences for our guests. GET TO KNOW US: Our story begins in 2001 with a dream, two planes and a 40 million ringgit debt. You’ll know us as the ‘Now Everyone Can Fly’ airline (if you don’t, we’re definitely older than you). Today, we’re more than just an airline. We’re Capital A - a world-class brand that wears many hats. Our mission is to connect people and transform lives in ASEAN. Above all, we’re Allstars. We believe in the unbelievable, and we dare to dream. We also believe in celebrating all individuals. So no matter your culture and background, or if you prefer aisle seat to window seat, we’re excited to have you on board. AirAsia Berhad: Asia’s leading airline was established with the dream of making flying possible for everyone. Since 2001, AirAsia has swiftly broken travel norms around the globe and has risen to become the world’s best. Driven by the Dare to Dream spirit, we pride ourselves in being the region’s largest low-cost carrier, serving 24 countries and over 130 destinations. We're not confined by walls, except when we need to answer the call of nature, so all departments mingle every day. As we embrace new technology to become a digital airline, services like BIG Duty Free, BIG Pay, BIG Loyalty, Touristly, ROKKI and Xcite Inflight Entertainment will be an exciting evolution, placing us ahead of the game. Are you in? AirAsia is set to take low-cost flying to an all new high with our belief, "Now Everyone Can Fly"

Responsibilities

The Business Security Manager will lead cybersecurity strategy, governance, and risk management for Indonesia AirAsia while ensuring compliance with international and local standards. They will act as the primary point of contact for security incidents and drive the integration of secure-by-design principles across business projects.