Information Technology - Compliance Officer

This position reports to the Chief Compliance Officer in

Kris+ and is a functional member of the Group Information Security

Team (Infosec) responsible for ensuring compliance readiness with

PCI DSS and MAS TRM standards for the SIA

group.

This role requires creating, maintaining,

and executing compliance programs while monitoring business

activities to maintain the organization's PCI compliance

certification.

Key

Responsibilities :

• Understand SIA's business

operations and ensure compliance to regulatory IT

requirements.

Develop, maintain, and execute

an assurance program ensuring full compliance

with :

PCI DSS and other card payment

certifications

MAS TRM

standards

Business Continuity Management

including associated planning and testing

Define scope and review the results of security tests, reviews and

audits to ensure PCI DSS and MAS TRM assurance is

achieved

Work with respective Businesses to

align operations and safeguards for the protection of payment

information

Recommend and drive improvements

to operations, processes and activities to ensure PCI DSS and MAS

TRM compliance for the organisation

Assess and

recommend amendments in the Group policy to align PCI DSS and MAS

TRM controls

Keep up with new developments in

PCI DSS, MAS TRM and other related information security standards

(ISO / IEC 27001, NIST CSF 2.0, SOC 2 Type II) and assess the impact

of such changes on organization

Keep up to

date on emerging security threats and vulnerabilities for SIA

Group

Provide security consultancy, technical

guidance, expertise, solutioning and education on PCI DSS and MAS

TRM compliance matters

Manage individual

program priorities, deadlines and deliverables

Support Infosec's efforts in other information security standards

compliance like NIST CSF 2.0

Support ongoing

initiatives in improving infosec process (business critical

assessments and risk management) and supporting

systems

Provide advisory and consultancy on

Infosec improvements

Any relevant ad-hoc

information Security duties

This is an

individual contributor

role.

Requirements :

Degree

in IT or related fields

Minimum 3 to 5 years

of experience in information security

Minimum

3 to 4 years of experience in PCI DSS and MAS TRM audit or internal

compliance

Certifications :

Professional experience as PCI QSA / ISA, MAS TRM, ISO27001

preferred

Related professional certifications

in Information Security (CISSP, CISA) and auditing

preferred

Technical

Knowledge :

Good practical understanding of

international security standards (ISO27001, NIST, SOC 2 Type

II)

Technical proficiency in one or more

security areas : network design, cloud, zero trust, Internet of

Things, cryptography, AI, etc.

Working

knowledge of secure application development

techniques

Strong understanding of networking,

data security principles, system and application

security

Soft Skills :

Strong oral, written, and interpersonal communication skills with

ability to communicate at all levels

Positive

attitude with drive, initiative, enthusiasm, and urgency in

resolving high-priority issues

Ability to work

independently and collaboratively in a team environment