Job Description
You will be a member of the Group Information Security Team (Infosec), responsible for ensuring readiness for compliance with PCI DSS and MAS TRMG across the SIA Group. This role is required to create, maintain and run the PCI DSS and TRMG compliance program, and to monitor business activities to assure the organization maintains its PCI compliance and TRMG certification.
Key Responsibilities:
•Understand SIA’s business and its reliance on credit card payments/transactions
•Develop, maintain and execute an assurance program that ensures full compliance with PCI DSS and other card payment certifications
•Keep up with new developments in PCI DSS and TRMG and other related information security standards (e.g. ISO/IEC 27001, SOC 2 Type II) and assess the impact of such changes on the organization.
•Work with respective Businesses to align operations and safeguards for the protection of payment information.
•Project manage and drive individual program priorities, deadlines and deliverables with stakeholders.
•Recommend and drive improvements to operations, processes and activities to ensure PCI DSS and TRMG compliance for the organisation.
•Keep up to date on emerging security threats and vulnerabilities for SIA Group.
•Define scope and review the results of security tests, reviews and audits to ensure PCI DSS and TRMG assurances are achieved
•Provide security consultancy, technical guidance, expertise, solutioning and education on PCI DSS compliance matters.
•Assess and recommend amendments to the Group policy to align PCI DSS and TRMG controls
•Provide advisory and consultancy on Infosec improvements
•This is an individual contributor role.
•Any relevant ad-hoc information security duties
Requirements
•Degree in IT or related fields, with at least 4 years in similar space
•Professional experience in IT audit, project management, ISO27001 preferred.
•Related professional certifications in Infosec (CISSP, CISA) and auditing preferred.
•Good practical understanding of other international security standards (ISO27001, NIST, SOC 2 Type II).
•Technical proficiency in one or more of the following security areas: network design, zero trust, Internet of Things, cryptography etc.
•Strong in-depth working knowledge in secure application development techniques (design and coding).
•Strong understanding of networking, data security principles, system and application security
•Strong oral, written, and interpersonal skills. Able to communicate at all levels.
•Possess a positive attitude with drive, initiative, enthusiasm and a keen sense of urgency in resolving high-priority issues.
•Able to work independently and in a team-oriented, collaborative environment.