Job Description
Full details about the role and requirements
Yukerja Summary
The Information Security Policy Specialist role at Sinar Mas Agribusiness and Food is curated from JobStreet (category Teknologi & IT). Note the work location (South Jakarta, Jakarta) before applying. Yukerja.com is not the employer — applications are handled on the official source site.
Job Description Summary:
The Information Security Policy Specialist is responsible for developing, standardizing, and maintaining comprehensive information security policies, standards, and procedures across all cybersecurity domains. This role ensures consistent governance, eliminates outdated or fragmented documentation, and drives alignment with regulatory requirements, industry best practices, and organizational security objectives.
The specialist acts as a key contributor in establishing a unified, structured, and scalable policy framework to support effective cybersecurity governance and operational consistency.
Job Description:
Develop, review, and maintain information security policies, standards, procedures, and guidelines.
·Standardize and consolidate security documentation to ensure consistency across the organization.
Collaborate with Cybersecurity, IT, Risk, Compliance, and Legal teams to define and validate security controls.
Ensure policies align with industry standards and frameworks such as ISO 27001/27002, NIST CSF, and CIS Controls.
Support policy governance processes, including version control, review cycles, approvals, and audit readiness.
Maintain a centralized policy repository and ensure documentation remains current with regulatory and business requirements.
Promote awareness and adoption of information security policies through communication and training initiatives.
Identify policy gaps and recommend continuous improvements to strengthen governance and compliance.
Job Requirements:
Bachelor's degree in Information Security, Cybersecurity, Information Technology, or a related field.
3–7 years of experience in Information Security Governance, Risk & Compliance (GRC), or security policy development.
Experience in developing and maintaining information security policies, standards, and procedures.
Good understanding of cybersecurity domains, including IAM, Network Security, Cloud Security, Endpoint Security, and Data Protection.
Familiar with security frameworks and standards such as ISO 27001/27002, NIST CSF, and CIS Controls.
Strong technical writing, documentation, analytical, and stakeholder management skills.
Ability to translate technical security requirements into clear and practical policies.
Professional certifications such as CISA or CISM are an advantage.
"Our company has never levied any fees for the recruitment process nor has it required to order tickets and accommodation through a certain travel agent or certain person"