Auditor
PTT Exploration and Production PCL.
Key Accountabilities
- Develop IT audit plan and audit work program.
- Evaluate the following areas:
- Information and Technology (I&T) related risks and internal controls in both general and application controls
- Compliance according to company’s policies, procedures, guidelines, laws, and regulations
- Perform I&T audit regarding the company’s Information Technology (IT) and Operation Technology (OT) systems.
- Deliver and provide value-added recommendations to create and increase the extent of effective, efficient, and sufficient IT and OT controls.
- Follow up the implementation of audit recommendations with the process owner to ensure that risks are appropriately mitigated.
- Provide advice on data analytic techniques and perform advanced or complex data analytic to support audit processes such as Audit Planning / Risk Analysis, Audit Scope, Execution of an Audit and Visualization/ Reporting
- Support other audit teams by performing the IT Application Controls Audit
- Coordinate with function/business owners in order to monitor and assure technology audit activities.
- Provide consulting services for other functions as requested such as strategic advice and lessons learnt from I&T projects and technologies.
Professional Knowledge & Experiences
- Bachelor’s Degree or Master’s Degree in IT, Computer Science, Computer/Network Engineering, Information Technology Management, or relevant fields
- 3-5 years of experience in information technology (IT) and/or operational technology (OT)-related audit
- Good knowledge and skill about the risks,controls and regulatory compliance of IT and/or OT systems
- Good knowledge in cybersecurity, network design and security, software engineering, IT governance, BCP (Business Continuous Plan) and DRP (Disaster Recovery Plan)
- Good knowledge of Information and Technology (I&T) standards and control frameworks such as COBIT2019, NIST Cybersecurity Framework, ISO27001, IEC62443, etc.
- Have a good understanding of risk-based audit and IT audit universe and be able to conduct and IT audit plan, both a short-term and long-term plan.
- Familiarity with audit methodologies and techniques, such as risk assessment, control testing, and audit planning.
- Good knowledge and ability to formulate recommended actions to address I&T risks.
- Preferable to be certified a well-known or industry-recognized IT auditor and/or cybersecurity certification such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), etc.
- Good communication and interpersonal skill
- Strong negotiation and presentation skills.
- Good command of spoken and written English
- Good project management skills
- Occasionally work upcountry / overseas