dtcpay is a MAS-licensed payment service provider that bridges traditional finance and digital assets. We enable businesses to accept and make payments in both fiat and digital currencies, delivering secure, efficient, and seamless payment experiences across borders. As we expand our footprint worldwide, we are shaping the future of the digital payments space and driving the next chapter of growth.

The Cybersecurity Engineer (Technology Risk & Blue Team) play a critical role in managing technology risk, IT audits, security operations, and compliance.

What You'll Do:

1. Technology Risk Assessment for Regional Regulatory Compliance

• Conduct technology risk analysis, ensuring alignment with business and regional regulatory requirements.
• Maintain, document and update changes to policies, SOPs, artifacts, risk registers, etc.
• Perform Level 1 risk assessments for vendor assessment (TPRM), regulatory and licensing adherence.
• Prepare and submit documentation for global digital payment licensing and regulatory compliance.
• Actively engage in certification, auditing, findings , assessment and compliance efforts.

2. Blue Team Operations

• Conduct detailed assessment & audit on all security controls, esp. email, endpoints, app., data, etc.
• Perform Level 1 configuration, settings & baselines, for MDM, endpoint, IAM, PAM, xDR, SIEM, data & network security, according to NIST, ENISA, CISA and MITRE framework protocols.
• Perform Level 1 documentation efforts, including mapping, inputs, configuring, track & monitor, etc.
• Collaborate, and follow-up with other key technical team members and HODs.

3. Data Protection & Privacy

• Perform data protection measures including encryption, tokenization, DLP solutions, etc.
• Ensure compliance with GDPR, PDPA, and other data privacy regulations.
• Perform IAM/PAM configuration & policies, secure authentication, and third-party security assessments.
• Develop and maintain policies for data lifecycle management including data classification, retention, backup, and disposal.

What We're Looking For:

• Min. 3 years of experience in technology risk, blue team operations, and regulatory compliance.
• Diploma or Degree in IT, cybersecurity, or related field.
• Proficient in both English and Mandarin as you will need to work closely with Chinese vendors.
• Experience in digital payments, financial services, or banking is preferred.
• Expertise in technology risk, defensive strategies, endpoint security, IAM, PAM, and access control.
• Strong knowledge of security frameworks, layered defense, SIEM, endpoint & VPN security, DLP, etc.
• Familiarity with vulnerability management, and security configuration and automation.
• Relevant certifications such as Comptia Security+, CEH, or vendor/industry certifications is an added advantage.