Summary:

• Master of Science Project Management, King Mongkut University of Technology Thonburi (KMUTT), Bangkok, Thailand
• Bachelor of Science Computer Science, Chiang Mai University, Chiangmai, Thailand

• IRCA: ISMS Provisional Auditor ISO/IEC 27001
• IRCA: BCMS Provisional Auditor ISO/IEC 22301
• IRCA: IT-SMS Provisional Auditor ISO/IEC 20000
• Certify Information System Auditor (CISA)
• Control Objectives for Information and Related Technology  (COBIT5) 

• Information Security Management
• Business Continuity Management 
• Information Risk Management
• Information System Audit
• Software Licensing & Software Asset Management
• IT Governance

• May 2020 – Present

• Responsibilities
  • Lead IT audit programs activities focus on business integration and software application assurance covering most BOT’s core activity  areas e.g. Transactional Banking, Credit, etc.
  • Embed 3LoD concepts to work closely with Business Audit teams in order to deliver end-to-end integrated engagements such as 3rd Party Risk Management, PDPA, BCM, and so forth.
  •  Aim to develop Trusted Advisor team by setting up transformation roadmap. Provide assurance based on RCA (Root Cause Analysis), business and IT risk. Increase value of auditing through recommendations to enhance digitization and close risk gaps towards audit and advisory engagements.
  • Led annual BCM programs and presents initiatives of BCM activities to executives committee (bi-monthly) to promote business continuity at all aspects.
  • Overseen command center team who manage both crisis and high impact incidents especially during Covid-19 pandemic which requires facilitation among IT and non-IT functions to ensure no critical services disruption and elevate staff safety.
• Achievement
  • Recognized by management and business audit team on value from team transformation to focus on business growth and risk driven advisory than IT general controls audit.
  • Initiated advisory engagements on Major IT projects to continuous assessment and provide practical recommendation before system go-live. 
  • Delivered over 160 engagements with 8 staffs (by average) during 2 years 7 months.
  • Received “Team Achievement Award” which represent a success of crisis management during Covid-19 situations and ISO22301 surveillance audit result.

• Jan 2020 – April 2020

• Responsibilities
  • Led and Managed IT Department to serve the organization. 
  • Presented all ICT aspects to Board of Commissioners, Audit Committee, Sub-Committee, and CEO. 
  • Resolved all on-going IT operation issues and initiate activities to minimize IT service disruption with a risk based approach.
• Achievement
  •  Able to deliver 6 years IT Master Plan within 4 months. 

• May 2011 – Jan2020

• Responsibilities
  • Led consulting projects over ISO/IEC 27001 and ISO/IEC 22301 certification for large-size clients in Telecom and Energy industries.
  • Be a Service Leader for Extended-Enterprise Risk Service (EERM) which mainly focused on software license review and IT Asset management. The service leading activities included; business development, contract negotiation, customer relationship management, financial forecasting and budgeting control, etc.
  • As South-East Asia Regional Manager looking over Microsoft Software Licensing Review for ASEAN countries. Also, provided the license review to IBM and Adobe locally.
  • Reviewed and recommended on Information Security Policies and Technical specification (so called Base-line Security Checklist) over 35 platforms for companies in Banking and Consumer business.
• Achievement 
  • Established Software License Review service over 8 years to reach 16 Million Baht revenue on 2019. Over than 160 entities were provided with the service in Thailand and outside. Also, received continuous positive feedbacks from Regional Manager clients. 
  • Ensure the consulting service to all customers until received ISO/IEC 27001 and ISO/IEC 22301 certification.
  • Awards: Rookie of the year, Service of the year (both Local and SEA), Counselor of the year.

• May 2010 – April 2011

• Responsibilities
  • Planned and performed IT auditing and control assurance which supporting Bank’s operations as following
    • Business Continuity Management / Business Continuity Plan / Disaster Recovery Plan
    • Card Embossing Process including outsource auditing
    • Bank’s subsidiaries
  • Led meeting and reported to IT and business management for enhancing security controls and operations.

• Jan 2009 – April 2010

• Responsibilities
  • Led, planned, and performed IT auditing and control assurance in Manufacturing, Financial Services including Banking and Brokerage with 13 customers (17 periods).
  • Performed J-SOX audit in a manufacturing company.
  • Co-sourced in IT Internal audit that directly reported to customer (Regional ITIA Director from Hong Kong)
  • Performed quality assessment for Internal Audit department in part of IT auditing at Electricity Authority.

• April 2004 – Dec 2008

• Responsibilities
  • Designed, Implemented, Maintained and Controlled IT process to comply with ISO27001 standard for Financial Institute.
  • Implemented Windows Active Directory Service for 3000+ workstation customer.
  • Established an information security team from one-self to 8 team members to provide outsourcing service.