Job Summary

Formulate policies, strategic directions, standards for operation, control and improve the quality of internal audit work. To support the creation ofadditional value operational improvement and achieving the objectives and goalsof the line of work and the company, including the effectiveness of the supervision Governance, Risk and Internal Control and Compliance (GRC).

Job Description

- Review evaluation on adequacy and effectiveness of internal control over information technology and prioritize IT audit universe for annual risk-based IT audit plan.

- Manage audit teams in performance of IT audits and reviews of systems, applications, and IT processes by examining and evaluating the adequacy and effectiveness of IT internal control of GC and subsidiaries and the quality of performance in carrying out assigned responsibilities. These include internal control review on,

- Pre and post-implementation of system implementations or enhancements.

- IT security (e.g. network, operating system, data center, cybersecurity, etc.), including evaluating if security vulnerabilities are properly identified and mitigated. Coordinate the scope and performance of these reviews with businessunits and external security experts.

- Information general computing controls, IT governance process and IT management policies and procedures such as change management, business continuity planning/disaster recovery and information security to ensure that controls surrounding these processes are adequate.

- Access control, authorization, and segregation of duties (SOD) in applicable systems and environments.

- Configuration of applications to ensure that business automate controls are implemented as designed.

- Coordinate with IA GC and Subsidiaries departments to manage integrated IT audit by including IT audit on application control with business audit team.

- Review IT audit program related best practice/process to apply in IT Audit project engagement.

- Review working papers and examine IT internal controls, evaluate the design and operational effectiveness, determine exposure to risk.

- Review the weaknesses in the company’s IT environment, such as systems network, business applications, etc., and provide recommendation value added insight related to technology and systems as well as enable enhanced security for the enterprise to prevent security breaches in the technology.

- Review audit report and ensure that findings and recommendations are clearly presented to and agreed by management and that a subsequent audit report is issued promptly.

- Communicate IT audit results to management and audit committee with simplified terms of complex technical issues.

- Oversee team to follows up recommendations to ensure that all recommendations are properly performed within committed timeline.

- Apply project management tools i.e. TeamMate to execute audit project engagement and control quality and timeliness deliverable as well as ensure audit methodology is consistency applied and documented.

- Oversee team to ensure that IT audit engagement is performed in compliance with all applicable standards.

- Review key control on IT systems and data analytics result on evaluating internal control over information technology and identify IT detection rules.

- Oversee and manage investigation on exception alert from IT detection rules.

- Collaborate with IA infrastructure team on configuration or automate control design in IT system to maintain accuracy of data source for data analytic of internal audit function.

- Develop annual Resource and budget planning.

- Support annual audit plan, strategy development, initiative execution, and performance monitoring.



 

Job Description (Cont. 2)

Job Description (Cont. 3)

Job Qualification

Education

Bachelor's Degree or higher in Information Technology ,Accounting, Finance, Management, Economics, or related fields

Engineering Certified Internal Auditor (CIA)

Certified Professional Internal Auditor of Thailand (CPIAT)

Certified Information Systems Auditor (CISA)

Experience

At least 10 years Internal audit (business audit and IT audit)

- At least 5 years in Data analytics , Internal audit IPPF, GRC, CSA ,  IT implementation project