В онлайн-платформу для бронирования отелей Agoda требуется Head of GRC (в Таиланд).
Agoda is an online travel booking platform for accommodations, flights, and more. Based in Asia and part of Booking Holdings, company`s 4,000+ employees representing 90+ nationalities foster a work environment rich in diversity, creativity, and collaboration.
The Security Department oversees security, compliance, GRC, and security operations for all Agoda. You will manage a team environment to audit and compliance IT activities including PCI,SOX,GDPR and general computer controls, system and data security, outsourcing partners, pre- and post-implementations of strategic applications and systems, social media, cloud computing, mobile devices and emerging and changing risks, this role will also require working closely with the security specialist of the team to maximize the opportunity.
The Manager will plan and responsible for the risk management, BCP/DRP of the company audits include reviewing information technology processes across the company for efficiency, effectiveness, and adequacy of controls as well as monitoring compliance with company policies, procedures, regulations and master services agreements.
In this role, you’ll get to:
- Participate in audit planning activities to develop audit scopes
- Design audit programs and test plans to determine the adequacy and effectiveness of internal controls and compliance with AGODA policies and procedures and applicable regulations
- Conduct tests of information technology application and system processes and controls
- Demonstrate proficiency in applying information systems audit principles, skills and techniques
- Understand the financial, operational and compliance risks which affect information systems design
- Identify value-added recommendations and align with local and corporate management on corrective actions to address identified risks
- Prepare audit reports detailing recommendations to strengthen and improve the control environment
What you’ll need to succeed:
- Education Degree – BS/BA, MIS or equivalent essential, MBA or other advanced degree desirable
- Certification – Professional certification such as CISA/CISM or equivalent desirable
- Language – English required, fluency in additional language(s) a plus
- Regulations – Knowledge of applicable business laws and regulations required such as SOX, PCI, GDPR (highly desirable, but not essential)
- Technical Skills Oral/Written – Ability to present concisely in oral and written format to all levels of management
- Process Design and Analysis – Ability to analyze complex processes and to determine the efficiency and effectiveness of the process and related controls
- Computer Skills – Working knowledge of MS Office Suite (Excel, Word, etc.) and flowcharting capability required. Data analytic tool experience preferred
- Information Systems – .Net framework environment, Scala, Java
- It is preferable the successful candidate is from an Internet company who has direct experience with working within a very fast-paced environment, where compliance need to be agile to meet the challenges of frequent evolving company objectives
It’s great if you have:
- Security awareness program
- BCP/DRP experience (advantage)
- Risk management (advantage)
- Compliance coverage such as. Patches, Vulnerabilities
- Regulation Experience with PCI-DSS, SOX
- Framework experience with ISO, NIST
- Data protection experience (advantage)
- Managing experience
- Work proficiently with an agile fast-pace Internet IT department is crucial
- Great communications skills both in written and oral form
- Meticulous eye on detail and ability to dissect complex problems to manageable sub-problems
- Must be an excellent team player and always have appetite to learn new things
- Demonstrate well IT auditing based on industry best practices and regulations
Внимание! Для отклика на вакансию нужен VPN.