The Manager - IT Audit is responsible for leading and executing complex IT audits within a technology-first, virtual banking environment. This role provides independent assurance that the bank's digital infrastructure, applications, and data security measures are robust, compliant with Bank of Thailand (BOT) regulations, and aligned with international best practices.
KEY RESPONSIBILITI
ES1. Audit Planning & Strategy Suppo
- rtContribute to the development of a dynamic, risk-based annual audit plan specifically addressing cybersecurity, cloud computing, and API-driven architectur
- e.Ensure IT audit programs are aligned with the bank's strategic objectives and meet the rigorous requirements of the Bank of Thailand (BOT
- ).Identify emerging technology risks inherent in a virtual banking model to update audit methodologie
s.2. Audit Execution & Technical Oversig
- htLead and manage the execution of IT audits covering critical infrastructure, digital applications, and data privac
- y.Evaluate the effectiveness of IT governance and internal controls in accordance with IIA standards and frameworks such as NIST or ISO 2700
- 1.Conduct technical assessments of cloud security (e.g., AWS/Azure/GCP) and DevOps/SDLC processes for mobile banking platform
- s.Utilize data analytics and automated auditing tools to enhance the efficiency and depth of audit testin
g.3. Governance & Remediati
- onServe as a technical advisor to business units on matters of IT internal control and risk mitigatio
- n.Partner with the Heads of Risk Management and Compliance to strengthen the Three Lines of Defense (3LOD) specifically regarding technology risk
- s.Monitor and verify management's implementation of audit recommendations to ensure timely closure of significant IT control issue
s.
QUALIFICAT
- IONSProfessional Experience: Minimum 5–7 years of experience in IT Audit, IT Risk, or Cybersecurity within the banking or financial services indus
- try.Education & Certification: Bachelor's or Master's Degree in Computer Science, Information Technology, or a related fi
- eld.CISA, CISM, CISSP, ISO27k or Cloud-specific certifications are highly benefic
- ial.Technical Acumen: Direct experience in auditing digital banks, fintechs, or cloud-native environments. Strong understanding of cybersecurity frameworks and API secur
- ity.Regulatory Expertise: Familiarity with Bank of Thailand (BOT) regulations concerning IT controls and risk managem
- ent.Communication: Exceptional communication skills in both written and spoken English and Thai, with the ability to explain technical risks to non-technical stakehold
- ers.Integrity: Unquestionable personal integrity and professional skeptic
ism.
KEY PERFORMANCE INDICATORS
- (KPIs)Audit Plan Delivery: Successful completion of assigned IT audits within the AC-approved annual audit
- plan.Regulatory Readiness: Successful Readiness Review of critical IT controls to support the BOT's licensing inspection and pre-launch a
- udits.Remediation Effectiveness: Percentage of IT audit findings resolved by management within the agreed-upon time
- frame.Quality of Reporting: Delivery of high-quality audit reports that provide thematic insights into the bank's technology control enviro
nment.
