Information Technology Auditor

Job Description

• Assist IT Audit Leader in performing an independent assessment on inherent risk and control risk of the company’s information systems in order to develop the annual risk-based IT audit plan
• Gather data from the monthly incident report and perform preliminary review to identify and prioritize risks and key controls over the information systems under review for audit project planning purpose.
• Develop Audit Planning Memorandum (APM) to identify the audit objective, scope of review, audit approach, audit timeline, audit team member and expected controls and communicate the APM to Head of process under review in the opening meeting.
• Execute the IT audit engagement to evaluate the adequacy and effectiveness of IT general controls and application controls; including IT policies/procedures, logical access controls, system development, change management and computer operation.
• Conduct cyber security review, penetration testing at network, web application and mobile application
• Provide an advisory service on IT security and controls in relation to digital and infrastructure technology to ensure IT security and controls are appropriately designed.
• Develop clear, concise and understandable working paper to document work performed.
• Support and assist Operational and Subsidiary audit engagements.
• Identify control weaknesses and non-compliance to company's policies, procedures and related regulations, which may result in ineffective and inefficient operations.
• Prepare Issue Log and participate the Closing meeting to obtain agreement on the results of the audit and management action plan for remediation action and controls improvement actions (detective / preventive controls).
• Provide oral or written presentations to management during the audit and at the conclusion of each audit or special project.
• Prepare formal written reports for each audit project expressing an opinion on the adequacy of the internal control structure.
• Follow-up on the status of remediation action and controls improvement action from management in order to ensure management action is taken in a timely manner.
• Gather the Post Audit Survey result from key customers after audit engagement completion and make an improvement on suggestion provided by key customers to achieve customer’s requirements and to improve an effectiveness and efficiency of audit work.
• Perform ad-hoc assignments or any other special requests from management.
• Coordinate with BAY internal auditors to provide optimal audit coverage to the company.

Qualifications:

• Thai Nationality.
• Bachelor’s or Master’s degree in Information Technology, Information Systems, Computer Science, Computer Engineering, MIS, AIS or IT related fields
• Minimum 3 years’ experience in internal or external IT audit, IT/Cyber security, Network security or related fields, preferably in Finance & Banking business
• Knowledge of IT processes, IT risks, IT security and IT technical knowledge (e.g. network/web application/mobile application penetration testing, network/operating system/database configuration and security review)
• Familiarity with leading standards/practices (e.g. COBIT, ITIL, ISO27001, PCI-DSS, OWASP) and compliance regulations (e.g. BOT, OIC)
• Through understanding of audit concept and process
• IT General controls (e.g., Systems development, Change management, Security, Computer operations) and Application controls (e.g., source data control, input validation routines, data processing and file maintenance controls, output controls
• Credit card, personal loan and insurance broker product & related business process knowledge