Curriculum Vitae

Christian Hermanus
https://www.linkedin.com/in/christianhermanus
E-mail : christian.hermanus@naradacode.com

SUMMARY

1. Proven Information Security Head through experiences as Information Security Head at Astra
International Tbk .
2. Proven adopting various best practices and regulation of IT as Vice President at PT. Bank
Tabungan Pensiunan Nasional, Tbk.
3. Proven IT Practioner, with the wide span of IT experiences including software development,
project management, business process re-engineering, infrastructure, security, and
governance.
4. Proven leadership role managing large IT unit with 40 full time employees as IT Technology
Center Head at PT Astra Honda Motor.
5. Proven understanding of banking and manufacturing information technology.

1
 PROFESIONAL EXPERIENCES

PT. Narada Piranti Teknologi Januari 2017 – Present

Managing Partner

Delivers IT Professional Services focusing on IT Governance, IT Master Plan/Strategic Plan, IT

Health Check assessment, Information Security and Policy – Procedure Development.

Project portfolio:

1. Develop policies and procedures based on Banking Regulation for IT Risk Management
for PT Aero Systems Indonesia. PT Aero Systems Indonesia is IT provider for Garuda
Indonesia, they want to have a set of Policy and Procedures similar to set of Policy and
Procedures for IT in banking industry.
2. Perform gap analysis and develop procedures for ISO 20000 Information Technology
Service Management Systems for PT Aero Systems Indonesia. As IT service provider
they want to achieve ISO 20000 certification.
3. Develop IT Governance framework, policies and procedures for Bank Rakyat Indonesia
(BRI). BRI is the largest bank in Indonesia and after audited they found that they don’t
have IT Governance framework, policies and procedures. My role is to develop a full set
of IT Framework, Policy, Procedure and others tool according to Financial Services
Authority (OJK) regulations about IT Risk Management.
4. Develop IT Master Plan, Policies and Procedures for a PT Peruri. PT Peruri is a state
own manufacturing company that produce both banknotes and coins. According to IT
Regulation for state owned company, the must develop an IT Master Plan and a set
policy and procedures.
5. Develop Job Description and IT Key Performance Indicator for Bank Syariah Bukopin.
6. Develop Policy, Procedure and Checklist IT Internal Control for Bank Syariah Bukopin.
7. Perform IT health check based on COBIT 5 for Bank BTPN Syariah.
8. Develop Policies and Procedures for a Construction Services Development Board of
Indonesia.
9. Information Security assessment based on NIST Cyber Security Framework for PT Adira
Finance. PT Adira Finance is multi finance company and they start to develop their
digital services. My role in this project is to assess their security and provide advisory for
the to improve their security.

2
 10. Develop IT Master Plan, Policies and Procedures for Perusahaan gas Negara (PGN).
PGN is a state owned Oil and Gas Company. According to IT Regulation for state owned
company, the must develop an IT Master Plan and a set policy and procedures.
11. Develop IT Master Plan, Policies and Procedures for PT Aneka Tambang (ANTAM). PT
ANTAM is a state owned Oil and Gas Company therefore the should have IT Master
Plan and a set policy and procedures.
12. IT Audit coaching for PT. Indonesia Comnet Plus (Icon+). PT Icon+ is a subsidiary of PT
PLN a state owned company for electricity. Internal auditor in PT Icon+ doesn’t have
experiences to conduct an audit for IT.
13. Implementation of Devops for PT Philip Morris Indonesia (PMI). PMP starts
implementing Devops but they need a coach and counseling in order to implement the
Devops correctly.
14. ISO 27001 Information Security Management System implementation for two Fintech
company. According to Financial Services Authority (OJK) a Fintech company should
have an ISO 27001 Certification before they register a license to OJK.
15. Coordinate a Disaster Recovery Plan for Asian Games 2018.
16. IT Governance Development for the Ministry Of Communication And Informatics.
17. IT Master Plan and Policy, procedure development for Indonesia's National Cyber and
Encryption Agency .
18. Digital Skills & Learning Path Development for PT Philip Morris Indonesia (PMI).
19. IT Governance revision, internal certification and digital governance development for PT
Bank Rakyat Indonesia.

Training Instructor :
1. Implementation of Risk Management in the Use of Information Technology by
Commercial Banks.
2. Practical ITIL v3.
3. IT Key Performance Indicator.
4. IT Audit.
5. IT Architecture.
6. Information Security.
7. Balanced Scorecard for IT.

3
PT Bank Tabungan Pensiunan Nasional, Tbk Januari 2011 – Dec 2016
VP - IT Process, Governance Assurance and Performance Management Head
• IT Process :
o Ensure IT organization runs appropriate accountability and responsibility.
o Ensure IT policy and procedures comply with the internal and external regulation.
o Plan and implement working system to effectively adopting industry best practice.
• IT Governance Assurance :
o Ensure adequacy and integrity of controls in information processing systems.
o Plan and implement IT Continuous Improvement.
• IT Performance Management :
o Measure IT performance.
o Plan and implement working system to monitor and improve IT performance.

Major Accomplishments:
• Develop, evaluate and update IT Governance instruments to accommodate most recent
changes.
• Conduct internal compliance review.
• Produce and publish IT Monthly Scorecard.
• Conduct a pilot project for implement Scrum Methodology.
• Develop and maintain IT Portal.
• Develop and maintain IT Dashboard.
• Implement Continuous Integration Tool (IBM Rational).
• Conduct routine IT Induction Program and PBI No. 9/15/PBI/2007 - SE BI N0. 9/30/DPNP
awareness.

4
PT Astra International, Tbk April 2007 – December 2010
Information Security Head
Manage all aspect of Information Security Management System, including oversee and
coordinate information security initiatives, Risk Management, Disaster Recovery Plan, Audit
remediation, Compliance, Security Operation Control, User Access Management and provide
information security assessment and advisory to affiliated company.

Major Accomplishments:
• Establish and manage Information Security Management system based on the ISO 27001
framework.
• Develop, evaluate and update Procedure and Risk Register.
• Maintain Disaster Recovery Procedure and conduct Disaster Recovery Test.
• Implement Identity Management (IDM) system.
• Generate periodic information security report based on security devices log analysis.
• Detect, investigate and resolve information security attack.

PT Astra Honda Motor January 1998 to March 2007

Technology Center Head, 2005 – March 2007

Led and directing an application developer team to ensure a quality application delivered. The
responsibility covers providing leadership and direction to project team members, assigning
tasks and coordinating resources. During this period I also assigned to teach at Politeknik
Manufaktur Astra .

Major Accomplishments:
Prime Project : Develop an ERP system both with SAP and non SAP application.

IT Project Management Coordinator, 2004 – 2005

Providing leadership and direction to project leader, assigning tasks and coordinating resources,
ensure deliverables are developed and completed on schedule.

Major Accomplishments:
Develop online ordering system from Dealer to Main Dealer and AHM.

5
IT Quality Assurance, 2002-2004
Develop standards, guidelines or procedures for Software Quality Assurance and running a
validation and verification processes including conduct user acceptance testing, to make sure
that any agreed-upon standards and procedures are followed.

Major Accomplishments:
• Setup standard and procedure for Software Development Life Cycle Process.
• Develop workflow application for Purchase Requisition Process.
• Conduct audit for main dealer.

System Development, 2000-2002

Develop a custom built application using Oracle Development Tool.

Major Accomplishments:
Develop application for Motorcycle Main Dealer.

Business Process Re-Engineering (BPR) consultant, 1998-2000

Preparing BPR for Supply Chain Management project, mapping the actual condition, finding the
improvement opportunities, make a concept for the new business process, gathering user
requirement and develop a plan for the new business process implementation.

Major Accomplishments:
• Reengineering warehouse management system.
• Reengineering payment system.

PT Bank Universal, Tbk July 1996 – November 1997

Technical Support
Maintaining the smooth running of the daily operation including handling problem from end user.

Major Accomplishments:
Setup infrastructure for branch and head office network connection for Centralized Operation
project.
6
 SKILL
• Information Security Management System
• IT Governance
• IT Audit
• Disaster Recovery Planning
• Risk Management
• Business Process Reengineering
• Software Quality Assurance
• Software Development Life Cycle
• Agile – Scrum Software Development
• DevOps

Public Speaking
• Retail BankTech Indonesia - March 2015, delivering topic : Delivering Digital Modernization :
Striving towards enhancing customer experience.
• Southeast Asia Banking Technology & Innovation Summit - March 2016, delivering topic :
Managing IT risks and developing supporting infrastructures
• Gunadarma University - February 2016, delivering topic : Implementation of Internet of
Things
• DevOpsDay Jakarta 2018, ignite session.
• DevOpsDay Jakarta 2019, delivering topic : Does DevOps need a Leader?

EDUCATION
1996 STMIK Gunadarma Major : Computer Engineering IP : 3,2

7
 CERTIFICATION
1. Certified Information Systems Auditor, ISACA
2. Sertifikasi Manajemen Risiko Level 3, Lembaga Sertifikasi Profesi Perbankan
3. Certified Lean Six Sigma Green Belt, SSCX International
4. Certified Scrum Master, Scrum Alliance
5. Certified IT Manager, EXIN
6. Devops Foundation Certificate, Devops Institute
7. Devops Leader Certificate, Devops Institute
8. Certified Agile Service Manager, Devops Institute
9. ITIL V3 Foundation Certificate, PeopleCert
10. ITIL V3 Intermediate IT Service Operation Certificate, PeopleCert
11. ITIL V3 Intermediate IT Service Design Certificate, PeopleCert
12. Certified Professional Agile Coaching, ICAgile

COURSES

2016 IBM Rational CLM, by Metrodata Training

2016 Workshop BCP dalam Industri Perbankan Berbasis Digital, by VedaPraxis
2016 Banking Technology & Innovation Summit
2016 Implementation of Internet of Things in Manufacture Industry, by Gunadarma University
2015 Strategic IT Architecture Planning, by ATD Solution
2015 Threat Modelling & Security Architecture Training Class by Secure Ninja
2015 Hi Impact Collaboration by Momenta
2015 CIO Leaders Asean Summit 2015
2015 Retail BankTech indonesia by Trueeventus
2014 Fraud Awareness by BTPN
2014 Building Leadership from Within by Experd
2014 Bank Risk Management Refreshment for level 3
2014 Mastering COBIT 5 Fundamental: A Practical Approach by PT ANT

8
2014 Certified IT Manager by EPI
2014 Smart Negotiation Skills by Nelson Buchanan & Ostergaard
2014 One day seminar - Seven Habits of Highly Effective People signature 4.0 by Dunamis
2013 Certified Lean Six Sigma Green Belt by SSCX
2012 Leading by Values by BTPN
2012 Sertifikasi Manajemen Risiko Level 1
2012 Sertifikasi Manajemen Risiko Level 2
2012 Sertifikasi Manajemen Risiko Level 3
2011 Certified Scrum Master Course by Odd-e
2011 Curriculum Development Workshop by PT BTPN
2011 Managing People for IT by PT BTPN
2010 Mobile Payment Security by Uni Strategic, Singapore
2009 Hacking Trust Course by PT Bellua Asia Pacific
2008 Computer Forensic by MgDelxis, Kuala Lumpur
2008 IT Service Management workshop with HP Indonesia
2007 ISO 27001 Implementation by PT Bellua Asia Pacific
2007 Practical Business Continuity by Marcus Evans
2007 Disaster Recovery Workshop by Informatics
2007 Security Assessment & Audit by PT Bellua Asia Pacific
2006 Effective Planning & Organizing by Lutan Edukasi
2006 Astra Middle Management Program by Astra Management Development Institute
2006 Information Security & Hacking Conference by PT Bellua Asia Pacific
2005 .NET Framework best practice by Microsoft Indonesia
2005 Effective Team Building by Academia Education & Training
2005 Get Maximal Point through Togetherness by PDP Consulting
2005 SAP – Financial Accounting & Reporting by SAP Education Services Indonesia
2004 CISA Review Course by Fakultas Ilmu Komputer Universitas Indonesia
2003 ArisTool Basic
2003 Object Oriented Program Concept, Object Oriented Analysis & Design by Sisindosat
Distributed Application Fundamental and Software Engineering Methodologies by
2003 Sisindosat
2003 Oracle Java 10 g Technology by PT Perkasa Pilar Utama
2002 Astra Supervisory Management Program by Astra Management Development Institute
2002 Borland Delphi 7.0 by PT Delphi Computech

9
2002 Microsoft Project 2002 by PT Astra Honda Motor
2002 Oracle 9i New Features by PT Astra Honda Motor
2002 Oracle Workflow by PT Perkasa Pilar Utama
2001 Consultancy Skill Training by Lembaga Manajemen PPM
2000 System Analyst by PT Astra Honda Motor
1997 Router Cisco 2501 Series Installation by PT Soedarpo
1997 Seven Habits of Highly Effective People by PT Bank Universal
1997 Supporting Windows NT 4.0 Core Technologies by PT Digital Astra Nusantara
1996 TCP/IP Network by Professional Development Associates

10