Security Compliance Engineer

StraitsX · Taichung, Taiwan

onsite · full-time · mid level

About the Role

We are seeking a dedicated Security Compliance Engineer to join our Security team. In this role, you will lead our efforts in maintaining alignment with global standards (such as ISO 27001 and PCI DSS/3DS) and ensuring strict adherence to MAS regulatory requirements. You will act as the vital bridge between technical security operations and regulatory excellence. 
Beyond internal governance, you will serve as a Security Consultant for external client projects, guiding them through ISO 27001 implementations and helping them cultivate a robust, resilient cybersecurity culture.

What Will You Do

  • Lead the end-to-end lifecycle of our certification, including conducting internal audits, performing risk assessments, and facilitating management reviews.
  • Provide ISO 27001 guidance to clients and on-site support during their external audit processes.
  • Partner with the Card Issuing team to drive readiness for PCI DSS audits, ensuring all technical and procedural controls are met.
  • Collect the documentation and evidence required for audits and by regulators.
  • Work cross-functionally to ensure that we adopt security controls that align with both regulatory requirements and operational efficiency.
  • Monitor the security policies and ensure that any non-conformities or gaps identified during audits are properly remediated in a timely manner.

What We Are Looking For

  • 0-2 years of Consultant or IT Audit experience.
  • Bachelor’s degree in a relevant field (e.g., IT, Computer Science, Cybersecurity, Information Management, Law) or a proven track record in GRC (Governance, Risk, and Compliance).
  • Certification as an ISO 27001:2022 Lead Auditor or Internal Auditor, CISA, or equivalent is preferred, but not required.
  • Basic familiarity with security frameworks such as ISO 27001, PCI DSS, or MAS TRM.
  • Basic documentation skills and the ability and willingness to act as a consultant.

About StraitsX

StraitsX is a leading digital payment infrastructure provider that is powering trusted, programmable finance across borders and blockchains globally. As a Major Payment Institution licensed by the Monetary Authority of Singapore and one of the first stablecoin issuers under the Stablecoin Issuance Framework (SCS), StraitsX sets new standards for regulatory clarity and operational integrity. Through its issuance of XSGD and XUSD stablecoins, StraitsX enables institutions, fintechs, and Web3 platforms to move value seamlessly across currencies, networks, and jurisdictions. Its modular infrastructure, including APIs, liquidity rails, and tokenised settlement systems, supports real-world adoption of stablecoins at scale while abstracting technical complexity. Operating in a highly regulated environment, StraitsX partners with global businesses and developers to deliver interoperable, reliable, and future-ready payment solutions—bridging the gap between traditional finance and the digital economy.
