Job Description
YOUR ROLE AS A:
Key Responsibilities:
Plan, develop, and execute risk-based IT audit plans.
Lead audits of IT infrastructure, cybersecurity, cloud environments (e.g., GCP, Azure, SaaS), data privacy, application controls, IT networking, ERP systems, digital transformation, third-party technology services, and system development life cycle.
Evaluate the effectiveness of internal controls over systems, IT networks, cyber security, databases, and digital processes.
Ensure compliance with internal policies, industry standards (e.g., ISO 27001, PCI-DSS, NIST, COBIT), and regulatory frameworks (e.g., PDPA, Cyber Security Act 2024).
Identify weaknesses or risks and provide recommendations to improve governance, risk management, and control processes.
Prepare and present clear, concise audit reports to management.
Track audit findings and follow up to ensure corrective actions are implemented.
Collaborate with external auditors and regulatory bodies when necessary.
Monitor emerging IT risks and regulatory developments to update audit programs accordingly.
Develop and maintain effective relationships with key stakeholders across business units, IT, InfoSec, Operations, and executive management to ensure alignment of audit objectives, facilitate open communication, and drive the timely resolution of audit issues.
Engage stakeholders throughout the audit lifecycle-planning, execution, reporting, and follow-up-to understand business priorities, address concerns, and provide value-added insights.
Represent the IT audit function in cross-functional meetings, steering committees, and project reviews to ensure stakeholder perspectives are considered and audit requirements are integrated.
Qualifications:
Bachelor's degree in Information Systems, Computer Science, Accounting, or related field.
Professional certifications preferred: CISA/ CISSP/ CISM/ CRISC
Minimum 4 years of IT audit/ IT risk management/ Information security experience
Strong knowledge of IT systems, cybersecurity frameworks, and internal control standards.
Experience with tools such as audit management software, data analytics platforms, and GRC systems.
Excellent written and verbal communication skills.
Strong analytical, problem-solving, and project management abilities.
Demonstrated experience in stakeholder engagement, including facilitating meetings, managing expectations, and communicating complex audit findings to both technical and non-technical audiences.
GET TO KNOW AirAsia Next:
AirAsia Next manages intellectual property developed for the group focusing on the creation, management, licensing and enforcement of the AirAsia brand. Covering a range from trademarks to brand identity, content and merchandise.
We are all different - one talent to another - that is how we rely on our differences. At AirAsia, you will be treated fairly and given all chances to be your best.We are committed to creating a diverse work environment and are proud to be an equal opportunity employer.
Search Firm Representatives - AirAsia does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place.
