Operations

IT GRC

Jakarta, Jakarta
Work Type: Full Time

Who we are

We are Honest – a company committed to building financial products that people truly love. Our products are designed to be fair, simple, and genuinely useful in everyday life. Our diverse team brings together people from different backgrounds who share the same goal: to create meaningful solutions that make finance better. After successfully launching our first product, we're now in an exciting growth stage, learning fast, moving quickly, and building together as a team.




About the role

Join Honest as an IT GRC Specialist and help us build a secure, compliant, and resilient technology environment. You'll be at the forefront of technology governance, risk management, and regulatory compliance, partnering with teams across the organization to strengthen controls, manage IT risks, support audits, and ensure adherence to industry regulations. If you have a passion for technology risk, information security, and driving governance excellence in a dynamic fintech environment, we'd love to hear from you.



How you will make an impact

  • Audit and Regulatory Compliance PIC: You’ll lead the charge on annual audits, including PCI-DSS and ISO 27001, along with generic and regulator-specific audits.

  • You’ll draft and maintain IT policies and procedures, ensuring they are aligned with ISO 27001 and the latest local regulations while remaining readable by a general audience.

  • Data-Driven Insights: Produce monthly cybersecurity Key Risk Indicators (KRI). Work with various stakeholders to tell the story of our cyber risk posture.

  • Human Firewall: Own our security culture by managing and conducting annual cybersecurity training and running phishing campaigns.

  • Risk Navigation: Identify IT risks before they become problems and help stakeholders mitigate them.

  • IT Governance: Enforce IT governance by coordinating with stakeholders to follow the proper processes, such as conducting lessons-learned reviews for incidents or annual user access reviews.

  • Third-Party Trust: Review our vendors and partners to ensure their security standards match our own.




What you need to have

  • Framework knowledge: You know and understand ISO, NIST, PCI-DSS.

  • Audit experience: Proven experience thriving in high-stakes audits like regulatory audits, PCI-DSS or ISO 27001.

  • Attention to detail to notice the small stuff that others miss during risk assessments.

  • Communication skills: You need to translate compliance or technical terms into plain English.

  • English proficiency to collaborate with diverse multinational teams.




What makes you stand out

  • Fintech or credit product experience 💳

  • Deep MoEngage platform knowledge

  • Experience with app-based growth or lifecycle marketing

  • Indonesian language skills 🇮🇩




Our application process

Hiring is something we do with care. Here's what to expect after submitting your resume:

  1. The hiring team reviews your application

  2. Initial call with the hiring team

  3. Onsite interviews with relevant team members

  4. Offer




Why you'll love it here

  • 🏦 Everyone gets ESOP — we're all owners here

  • 📚 Training course and book subsidies

  • You'll work with some of the sharpest people in the industry

  • 🏙 Modern office in the heart of Bangkok

  • 🏥 Top-of-the-line medical healthcare plan

  • 💆 Monthly wellness allowance

  • 🌏 One of the best-funded startups in Southeast Asia, backed by Silicon Valley investors

  • No titles or hierarchy — we value contribution and celebrate wins together




At Honest, we are committed to equal employment opportunities regardless of race, color, ethnicity, ancestry, religion, national origin, gender, sex, gender identity or expression, sexual orientation, age, citizenship, marital or parental status, disability, or other class protected by applicable law. We are proud to be an equal opportunity workplace.
