About Eterna Indonesia
Eterna Indonesia is a fast-growing BPO company providing multiple business services including IT infrastructure, software development, security operations, and customer support. We bridge top talent from Southeast Asia with innovative U.S.-based businesses through our remote-first model. We are Great Place to Work® certified, with 200+ employees currently working with NASDAQ and Fortune 500 companies.
We are currently hiring a senior Security Architect / GRC / InfoSec Lead to lead security strategy, architecture, and compliance initiatives for our U.S.-based clients.
About the Role
You'll lead security strategy, architecture, and compliance initiatives for U.S. clients, working fully remotely on night shift hours (Indonesian time). This is a senior leadership role responsible for designing enterprise security architectures, managing risk and compliance programs, and providing strategic guidance to ensure robust security postures for Fortune 500 and public company clients.
Key Responsibilities
- Own security architecture across infrastructure, applications, and cloud environments
- Design and implement enterprise security strategies aligned with business objectives
- Conduct comprehensive risk assessments, threat modeling, and security reviews
- Define and manage security policies, standards, and governance frameworks
- Lead compliance initiatives: ISO 27001, SOC 2, PCI DSS, HIPAA, CMMC 2.0
- Direct incident response exercises, tabletop drills, and crisis management planning
- Manage vendor risk assessments and third-party security reviews
- Provide security leadership and guidance to cross-functional teams
- Build and mature security programs using NIST CSF 2.0, CIS Controls v8.1, ISO 27001
- Present security strategies and risk postures to executive leadership
- Mentor security engineers and analysts on best practices and emerging threats
Requirements (Must-have)
- 5+ years of security architecture, security management, or GRC experience
- Deep expertise in security frameworks: NIST CSF 2.0, ISO 27001:2022, CIS Controls v8.1
- Strong understanding of cloud security architecture (AWS, Azure, GCP)
- Proven experience leading compliance initiatives (SOC 2, ISO 27001, or similar)
- Demonstrated ability to conduct risk assessments and develop risk treatment plans
- Experience with incident response leadership and crisis management
- Excellent communication skills for presenting to technical and executive audiences
- Fluent in English (written and spoken) for client-facing communication
- Willingness to work night shift (Indonesian time) aligned to U.S. business hours
Preferred Qualifications
Leadership Certifications:
- (ISC)² CISSP (Certified Information Systems Security Professional)
- ISACA CISM (Certified Information Security Manager)
- ISACA CISA (Certified Information Systems Auditor)
- (ISC)² CCSP (Certified Cloud Security Professional)
Compliance & Audit:
- ISO 27001 Lead Implementer or Lead Auditor
- PCI DSS QSA (Qualified Security Assessor) or ISA
- CMMC Certified Professional or Assessor
Architecture & Cloud:
- AWS Certified Security – Specialty
- Microsoft Certified: Azure Solutions Architect Expert + Security Engineer
- Google Cloud Professional Security Engineer
- TOGAF or SABSA (enterprise architecture)
Additional:
- Experience with public company security and audit requirements
- Familiarity with SEC cybersecurity disclosure requirements
- Understanding of data privacy regulations (GDPR, CCPA)
- Board-level presentation experience
- Previous CISO, Director, or VP-level security leadership roles
Note: We welcome candidates who are pursuing these certifications or have equivalent demonstrated experience.
Tools & Technologies You May Use
GRC platforms (ServiceNow GRC, OneTrust, Archer, MetricStream), risk management frameworks, security architecture tools, compliance management systems, SIEM/SOAR platforms, cloud security posture management (CSPM), threat intelligence platforms, enterprise security tools across all domains.
Why Join Us?
This isn't just a job; it's a leadership opportunity. You'll have significant influence on security strategy for U.S. Fortune 500 clients, build mature security programs from the ground up, and represent Eterna Indonesia as a trusted security advisor.
At Eterna Indonesia, you'll be part of a collaborative remote-first culture. You'll have the opportunity to shape security programs, mentor teams, and contribute ideas that make a real impact. We value ownership, continuous learning, and transparency.