Sunthorn L.
IT Risk Mangement at Ayudhya Capital Services Co.,Ltd.- Claim this Profile
Click to upgrade to our gold package
for the full feature experience.
Topline Score
Bio
Credentials
-
Certified Data Privacy Solutions Engineer (CDPSE)
ISACASep, 2020- Oct, 2024 -
Certified Information Security Manager (CISM)
ISACAJan, 2012- Oct, 2024 -
Certified Information Systems Auditor (CISA)
ISACAJun, 2010- Oct, 2024
Experience
-
Ayudhya Capital Services Co.,Ltd.
-
Financial Services
-
200 - 300 Employee
-
IT Risk Mangement
-
Jun 2021 - Present
• Establish IT Risk Management Policy, relevant procedure and setup risk management framework. • Ensure IT Risk implementation complies with regulatory requirements. • Analyze and define significant IT Risk criteria. • Engage IT Risk assessment, report and monitoring to ensure risk well managed in acceptable level. • Participate in IT Risk advisory on initiatives projects. • Establish IT Risk Management Policy, relevant procedure and setup risk management framework. • Ensure IT Risk implementation complies with regulatory requirements. • Analyze and define significant IT Risk criteria. • Engage IT Risk assessment, report and monitoring to ensure risk well managed in acceptable level. • Participate in IT Risk advisory on initiatives projects.
-
-
-
Ayudhya Capital Services
-
Bangkok City, Thailand
-
IT Security Technical Controller
-
Feb 2017 - May 2021
• Member of IT Enterprise Architecture Committee, review security and privacy design on project e.g. DevSecOps, API, Cloud, Robot Framework, etc. • Approve IT access request e.g. firewall, VPN access, etc. and security deviation. • Vulnerability management on IT Infra/Application/Endpoint. • Conduct external and internal penetration testing. • Manage enterprise Data Loss Prevention rules and reporting. • Manage high privilege account management. • Oversee cybersecurity attack monitoring, security incident management and investigation. • Implement security project e.g. DLP, Advanced Threat Protection (ATP), Key Management, etc. • Support external and internal audit or regulatory review. • Conduct security awareness training and knowledge sharing. Show less
-
-
-
SCB – Siam Commercial Bank
-
Thailand
-
Banking
-
700 & Above Employee
-
AVP - IT Infrastructure Security Specialist
-
Aug 2012 - Jan 2017
• Manage company wide information security vulnerability management and conduct penetration testing as required. • Participate in IT security review on business project and solution implementation. • Implement PCI-DSS. • Manage company wide information security vulnerability management and conduct penetration testing as required. • Participate in IT security review on business project and solution implementation. • Implement PCI-DSS.
-
-
-
Bank of Ayudhya (Krungsri Bank)
-
Thailand
-
Banking
-
700 & Above Employee
-
IT Audit Manager
-
May 2010 - Jul 2012
• Responsible for IT general control, IT Application, IT Outsourcing audit activity as planned, issue audit report and arrange audit exit meeting with IT management staffs. • Perform IT audit program development and IT project advisory. • Responsible for IT general control, IT Application, IT Outsourcing audit activity as planned, issue audit report and arrange audit exit meeting with IT management staffs. • Perform IT audit program development and IT project advisory.
-
-
-
Thomson Reuters
-
Canada
-
Software Development
-
700 & Above Employee
-
Operation Security Analyst
-
Oct 2006 - Apr 2010
• Vulnerability management on TR’s global IT infrastructure • Global TR’s firewall compliance review • Develop global TR’s anti-virus deployment script • Vulnerability management on TR’s global IT infrastructure • Global TR’s firewall compliance review • Develop global TR’s anti-virus deployment script
-
-
-
PriceWaterhouse Coopers FAS Co.,Ltd (Thailand)
-
Bangkok City, Thailand
-
Senior Consultant
-
Oct 2005 - Sep 2006
• Evaluate the effectiveness of clients' information-related controls, processes and document test finding. • Communicate IT audit findings to clients’ senior management. • Perform web application penetration testing. • Conduct IT security audit training for clients. • Evaluate the effectiveness of clients' information-related controls, processes and document test finding. • Communicate IT audit findings to clients’ senior management. • Perform web application penetration testing. • Conduct IT security audit training for clients.
-
-
-
AIS - Advanced Info Services Plc.
-
Thailand
-
Telecommunications
-
700 & Above Employee
-
System Administrator
-
Sep 2001 - Sep 2004
• Responsible for implementation, configuration and maintenance system, data backup facility and firewall devices. • Supporting day-to-day IT operation. • Perform IT system availability monitoring and performance tuning. • Disaster recovery testing. • Responsible for implementation, configuration and maintenance system, data backup facility and firewall devices. • Supporting day-to-day IT operation. • Perform IT system availability monitoring and performance tuning. • Disaster recovery testing.
-
-
-
CATCHA Dot Com (Thailand)
-
Bangkok City, Thailand
-
Web Programmer
-
Dec 2001 - Aug 2002
• Develop and maintain portal website. • Develop new CATCHA web service such as web mail, friends matching, web board, email advertising tracking system. • Develop and maintain portal website. • Develop new CATCHA web service such as web mail, friends matching, web board, email advertising tracking system.
-
-
Education
-
Kasetsart University
Master, Information Technology