PTT Exploration and Production PCL.

Key Accountabilities

  • Develop IT audit plan and audit work program.
  • Evaluate the following areas:
    • Information and Technology (I&T) related risks and internal controls in both general and application controls
    • Compliance according to company’s policies, procedures, guidelines, laws, and regulations
  • Perform I&T audit regarding the company’s Information Technology (IT) and Operation Technology (OT) systems.
  • Deliver and provide value-added recommendations to create and increase the extent of effective, efficient, and sufficient IT and OT controls.
  • Follow up the implementation of audit recommendations with the process owner to ensure that risks are appropriately mitigated.
  • Provide advice on data analytic techniques and perform advanced or complex data analytic to support audit processes such as Audit Planning / Risk Analysis, Audit Scope, Execution of an Audit and Visualization/ Reporting
  • Support other audit teams by performing the IT Application Controls Audit
  • Coordinate with function/business owners in order to monitor and assure technology audit activities.
  • Provide consulting services for other functions as requested such as strategic advice and lessons learnt from I&T projects and technologies.

Professional Knowledge & Experiences

  • Bachelor’s Degree or Master’s Degree in IT, Computer Science, Computer/Network Engineering, Information Technology Management, or relevant fields
  • 3-5 years of experience in information technology (IT) and/or operational technology (OT)-related audit
  • Good knowledge and skill about the risks,controls and regulatory compliance of IT and/or OT systems
  • Good knowledge in cybersecurity, network design and security, software engineering, IT governance, BCP (Business Continuous Plan) and DRP (Disaster Recovery Plan) 
  • Good knowledge of Information and Technology (I&T) standards and control frameworks such as COBIT2019, NIST Cybersecurity Framework, ISO27001, IEC62443, etc.
  • Have a good understanding of risk-based audit and IT audit universe and be able to conduct and IT audit plan, both a short-term and long-term plan.
  • Familiarity with audit methodologies and techniques, such as risk assessment, control testing, and audit planning.
  • Good knowledge and ability to formulate recommended actions to address I&T risks.
  • Preferable to be certified a well-known or industry-recognized IT auditor and/or cybersecurity certification such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Data Privacy Solutions Engineer (CDPSE), etc.
  • Good communication and interpersonal skill
  • Strong negotiation and presentation skills.
  • Good command of spoken and written English
  • Good project management skills
  • Occasionally work upcountry / overseas