Experience

Mega ICBC

• Banking
• 1 - 100 Employee

• IT Audit - Deputy Division Manager

  • May 2021 - Present

  - Assist to develop Audit Program, Audit Procedure and Working Paper to comply with Bank of Thailand's notification or regulation.- Review IT General Control and Application Control e.g., ICAS, BAHTNET, ITMX, AS/400, E-Loan System and Web HR System.- Review PDPA (Personal Data Protection Act).- Review ISO27001 standard. - Conduct kick-off meeting, audit, exit meeting as a plan.- Provide recommendations to branches (auditee) for improvement area. - Provide audit report to Parent Bank on monthly basis and present findings to Audit Committee.- Assist team to audit Loan, Credit and Outsource Activities.- Perform Surprise Check for vault cash, duty stamp, checks and petty cash.



EY

• United Kingdom
• IT Services and IT Consulting
• 700 & Above Employee

• Senior Consultant

  • Jul 2017 - Mar 2021

  IT Risk and Assurance (Internal and External Auditor) o Performed review and assessment of IT General Controls as part of Sarbanes-Oxley Act compliance (SOX 404) o Performed review and assessment of IT General Controls to evaluate the effectiveness of IT controls supporting the financial statement which across change management, user access management, IT operations and Cybersecurity o Evaluated the IT Security Control according to Cybersecurity Program in scope of IT Operation and Security Monitoring o Performed assessment of National Digital Identity Platform (NDID) and Privacy Control related with the process and application of IDProvider (IdP), Relying Party (RP) and Authorizing Source (AS) and issued the report to support the application which was developing and testing on Regulatory Sandbox of Bank of ThailandGovernance, Risk and Control (Project Based) o Performed gap assessment and design the authorization review of SAP ECC 6.0 to set the authorization standard (Authorization Matrix) for each business unit o Gathered the necessary information to achieve goal as the design by inquiring with end- user directly, Q&A in the meeting and workshop o Identified business risk against the Segregation of Duty (SOD) Principle and Audit’s criterias for Sales, Plant Maintenance, Procurement, Production business unit including affiliates Company o Implemented and Configured the authorization of SAP ECC 6.0 as the design o Performed unit test and integration test to ensure that the overall transaction can be run smoothly, and system errors would be reduced o Prepared the test script for end-user before performing User Acceptance Test (UAT) and communicated to representative user regarding the methodology and protocol for UAT o End user and functional application support (Post Implementation)



EY

• United Kingdom
• IT Services and IT Consulting
• 700 & Above Employee

• IT Risk and Assurance Intern

  • May 2016 - Jul 2016