Job Description

Summary:

The role is responsible for planning and executing risk-based IT audits, covering areas such as cybersecurity, cloud infrastructure, ERP systems, and regulatory compliance. It involves evaluating internal controls, identifying risks, and providing strategic recommendations to strengthen governance and risk management. The ideal candidate should have over 10 years of IT audit experience with strong leadership, technical, and communication skills, along with relevant certifications such as CISA, CISSP, or CISM.

Key Responsibilities:

• Plan, develop, and execute risk-based IT audit plans.

• Lead audits of IT infrastructure, cybersecurity, cloud environments, data privacy, application controls, IT networking, ERP systems, digital transformation, third-party technology services, and system development life cycles.

• Evaluate the effectiveness of internal controls over systems, IT networks, cyber security, databases, and digital processes.

• Ensure compliance with internal policies, industry standards (e.g., ISO 27001, PCI-DSS, NIST, COBIT), and regulatory frameworks (e.g., PDPA, Cyber Security Act 2024).

• People Leadership: Lead and manage IT audit teams, including performance management, career development, ability to inspire, motivate, and develop high-performing teams.

• Identify weaknesses or risks and provide recommendations to improve governance, risk management, and control processes.

• Prepare and present clear, concise audit reports to management.

• Track audit findings and follow up to ensure corrective actions are implemented.

• Collaborate with external auditors and regulatory bodies when necessary.

• Monitor emerging IT risks and regulatory developments to update audit programs accordingly.

• Develop and maintain effective relationships with key stakeholders across business units, IT, InfoSec, Operations, and executive management to ensure alignment of audit objectives, facilitate open communication, and drive the timely resolution of audit issues.

• Engage stakeholders throughout the audit lifecycle—planning, execution, reporting, and follow-up—to understand business priorities, address concerns, and provide value-added insights.

• Represent the IT audit function in cross-functional meetings, steering committees, and project reviews to ensure stakeholder perspectives are considered and audit requirements are integrated.

Qualifications:

• Bachelor’s degree in Information Systems, Computer Science, Accounting, or related field.

• Professional certifications preferred: CISA/ CISSP/ CISM/ CIA.

• Minimum 10 years of IT audit/ IT risk management/ Information security experience (Big Four experience preferred), including at least 6 years in a people leadership role.

• Strong knowledge of IT systems, cybersecurity frameworks, and internal control standards.

• Experience with tools such as audit management software, data analytics platforms, and GRC systems.

• Excellent written and verbal communication skills.

• Strong analytical, problem-solving, and project management abilities.

• Demonstrated experience in stakeholder engagement, including facilitating meetings, managing expectations, and communicating complex audit findings to both technical and non-technical audiences.