Colorful Dots Background

Dept. Manager - IT Internal Audit (CISA)

อาคารธาราพัฒนาการ (แม็คโครสำนักงานใหญ่)
Other

หน้าที่และความรับผิดชอบ

  • Lead cybersecurity-focused and technology risk audits using a risk-based approach, covering the full audit lifecycle from risk assessment, audit planning, fieldwork execution, to reporting and follow-up.

  • Plan and perform risk assessments to identify key cybersecurity and technology risks across infrastructure, network, applications, cloud environments, and supporting IT processes.

  • Assess the design and operating effectiveness of IT and cybersecurity controls.

  • Review and evaluate cybersecurity practices and remediation progress.

  • Utilize data analytics and audit tools to enhance audit coverage, identify anomalies, and support continuous monitoring of technology and cyber risks.

  • Develop clear, risk-based audit findings and recommendations, and communicate audit results to management and stakeholders.

  • Perform any other tasks or assignments as required.

คุณสมบัติพื้นฐาน

  • Bachelor’s degree or higher in Computer Science, Information Technology, Information Systems, Cybersecurity, Engineering, or related fields.

  • 7-10 years of experience in internal or external IT audit, cybersecurity, technology risk, or related fields.

  • Professional certifications such as CISA, CISSP, CISM, or equivalent are preferred.

  • Hands-on experience in cybersecurity testing activities, such as penetration testing and vulnerability scanning, is required.

  • Experience in conducting risk-based IT and cybersecurity audits.

  • Strong knowledge of IT audit, cybersecurity, and technology risk management concepts.

  • Solid understanding of IT general controls, cybersecurity controls, and system/application controls.

  • Ability to lead audit engagements, work independently, and collaborate effectively with cross-functional teams.

  • Good command of English, both spoken and written.

  • Ability to lead end-to-end IT and cybersecurity audit engagements using a risk-based approach.

  • Strong analytical skills to assess control effectiveness and identify technology and cyber risks.

  • Ability to perform hands-on penetration testing and vulnerability assessments as part of audit activities.

  • Hands-on experience using security testing tools such as web application scanners and server vulnerability scanners, and the ability to analyze and validate test results.

  • Ability to evaluate complex IT environments and translate risks into clear audit issues.

  • Ability to translate technical testing results into clear, risk-based audit findings.

  • Effective communication skills for presenting audit results to management and stakeholders.

  • Good stakeholder management and coordination skills across IT and business teams.

  • Ability to work independently while collaborating effectively as part of a team.

ไปหน้าตำแหน่งงานทั้งหมด