ROLE SUMMARY
The Manager - IT Audit is responsible for leading and executing complex IT audits within a technology-first, virtual banking environment. This role provides independent assurance that the bank's digital infrastructure, applications, and data security measures are robust, compliant with Bank of Thailand (BOT) regulations, and aligned with international best practices.
KEY RESPONSIBILITIES
1. Audit Planning & Strategy Support
- Contribute to the development of a dynamic, risk-based annual audit plan specifically addressing cybersecurity, cloud computing, and API-driven architecture.
- Ensure IT audit programs are aligned with the bank's strategic objectives and meet the rigorous requirements of the Bank of Thailand (BOT).
- Identify emerging technology risks inherent in a virtual banking model to update audit methodologies.
2. Audit Execution & Technical Oversight
- Lead and manage the execution of IT audits covering critical infrastructure, digital applications, and data privacy.
- Evaluate the effectiveness of IT governance and internal controls in accordance with IIA standards and frameworks such as NIST or ISO 27001.
- Conduct technical assessments of cloud security (e.g., AWS/Azure/GCP) and DevOps/SDLC processes for mobile banking platforms.
- Utilize data analytics and automated auditing tools to enhance the efficiency and depth of audit testing.
3. Governance & Remediation
- Serve as a technical advisor to business units on matters of IT internal control and risk mitigation.
- Partner with the Heads of Risk Management and Compliance to strengthen the Three Lines of Defense (3LOD) specifically regarding technology risks.
- Monitor and verify management's implementation of audit recommendations to ensure timely closure of significant IT control issues.
QUALIFICATIONS
- Professional Experience: Minimum 5-7 years of experience in IT Audit, IT Risk, or Cybersecurity within the banking or financial services industry.
- Education & Certification: Bachelor's or Master's Degree in Computer Science, Information Technology, or a related field.
- CISA, CISM, CISSP, or Cloud-specific certifications are highly beneficial.
- Technical Acumen: Direct experience in auditing digital banks, fintechs, or cloud-native environments. Strong understanding of cybersecurity frameworks and API security.
- Regulatory Expertise: Familiarity with Bank of Thailand (BOT) regulations concerning IT controls and risk management.
- Communication: Exceptional communication skills in both written and spoken English and Thai, with the ability to explain technical risks to non-technical stakeholders.
- Integrity: Unquestionable personal integrity and professional skepticism.
KEY PERFORMANCE INDICATORS (KPIs)
- Audit Plan Delivery: Successful completion of assigned IT audits within the AC-approved annual audit plan.
- Regulatory Readiness: Successful Readiness Review of critical IT controls to support the BOT's licensing inspection and pre-launch audits.
- Remediation Effectiveness: Percentage of IT audit findings resolved by management within the agreed-upon timeframe.
- Quality of Reporting: Delivery of high-quality audit reports that provide thematic insights into the bank's technology control environment.