Information Technology – Compliance Officer

This position reports to the Chief Compliance Officer in Kris+ and is a functional member of the Group Information Security Team (Infosec) responsible for ensuring compliance readiness with PCI DSS and MAS TRM standards for the SIA group.

This role requires creating, maintaining, and executing compliance programs while monitoring business activities to maintain the organization's PCI compliance certification.

Key Responsibilities:

• Understand SIA's business operations and ensure compliance to regulatory IT requirements.
• Develop, maintain, and execute an assurance program ensuring full compliance with:
• PCI DSS and other card payment certifications
• MAS TRM certification
• Define scope and review the results of security tests, reviews and audits to ensure PCI DSS and MAS TRM assurance is achieved
• Work with respective Businesses to align operations and safeguards for the protection of payment information
• Recommend and drive improvements to operations, processes and activities to ensure PCI DSS and MAS TRM compliance for the organisation
• Assess and recommend amendments in the Group policy to align PCI DSS and MAS TRM controls
• Keep up with new developments in PCI DSS, MAS TRM and other related information security standards (ISO/IEC 27001, NIST CSF 2.0, SOC 2 Type II) and assess the impact of such changes on organization
• Keep up to date on emerging security threats and vulnerabilities for SIA Group
• Provide security consultancy, technical guidance, expertise, solutioning and education on PCI DSS and MAS TRM compliance matters
• Manage individual program priorities, deadlines and deliverables
• Support Infosec's efforts in other information security standards compliance like NIST CSF 2.0
• Support ongoing initiatives in improving infosec process (business critical assessments and risk management) and supporting systems
• Provide advisory and consultancy on Infosec improvements
• Any relevant ad-hoc information Security duties

This is an individual contributor role.

Requirements:

• Degree in IT or related fields
• Minimum 8 years of experience in information security
• Minimum 4 years of experience in PCI DSS and MAS TRM audit or internal compliance
• Professional experience as PCI QSA/ISA, MAS TRM, ISO27001 preferred
• Related professional certifications in Information Security (CISSP, CISA) and auditing preferred
• Good practical understanding of international security standards (ISO27001, NIST, SOC 2 Type II)
• Technical proficiency in one or more security areas: network design, cloud, zero trust, Internet of Things, cryptography, AI, etc.
• Working knowledge of secure application development techniques
• Strong understanding of networking, data security principles, system and application security
• Strong oral, written, and interpersonal communication skills with ability to communicate at all levels
• Positive attitude with drive, initiative, enthusiasm, and urgency in resolving high-priority issues
• Ability to work independently and collaboratively in a team environment