Security Compliance Engineer
Straitsx
Posted: February 9, 2026
Job Description
About the Role
We are seeking a dedicated Security Compliance Engineer to join our Security team. In this role, you will lead our efforts in maintaining alignment with global standards (such as ISO 27001 and PCI DSS/3DS) and ensuring strict adherence to MAS regulatory requirements. You will act as the vital bridge between technical security operations and regulatory excellence.
Beyond internal governance, you will serve as a Security Consultant for external client projects, guiding them through ISO 27001 implementations and helping them cultivate a robust, resilient cybersecurity culture.
What Will You Do
• Lead the end-to-end lifecycle of our certification, including conducting internal audits, performing risk assessments, and facilitating management reviews.
• Provide ISO 27001 guidance and on-site support during their external audit processes.
• Partner with the Card Issuing team to drive readiness for PCI DSS audits, ensuring all technical and procedural controls are met.
• Gather the documents or evidence required by an audit or regulator.
• Collect necessary documentation and evidence for audits and regulatory purposes.
• Work cross-functionally to ensure that we are adopting security controls that align with both regulatory requirements and operational efficiency.
• Monitor the security policies and ensure that any non-conformities or gaps identified during audits are properly remediated in a timely manner.
What We Are Looking For
• 0-2 years of Consultant or IT Audit experience.
• Bachelor’s degree in a relevant field (e.g., IT, Computer Science, Cybersecurity, Information Management, Law) or a proven track record in GRC (Governance, Risk, and Compliance).
• Certification as an ISO 27001:2022 Lead Auditor or Internal Auditor, CISA, or equivalent is preferred, but not required.
• Basic familiarity with security frameworks such as ISO 27001, PCI DSS, or MAS TRM.
• Basic documentation skills and the ability and willingness to act as a consultant.