
IT Compliance & GRC Manager

Bangkok, Thailand


About Agoda:

Agoda is the largest and fastest-growing online hotel booking platform in Asia and, as a Booking Holdings company, we are part of the largest online travel company in the world. Technology is not just what we do – it’s at the heart of who we are. We have the dynamism and short chain of command of a start-up and the capital to make things happen. We love innovation and putting new technologies to work to extend our lead on the competition.

Working in one of the largest international Internet employers headquartered in Asia, your work has an impact on what we do around the globe. We move fast – why wait ages to see your ideas go live? Work on tough challenges, safe in the knowledge that you are surrounded by people as smart as you are (if not smarter!) to help solve them. And while we’re on the subject, Agoda people come from over 80 countries: It’s an incredible technical creative melting pot.


The Manager will manage a team environment to audit IT activities including PCI, SOX, GDPR and general computer controls, system and data security, outsourcing partners, pre- and post-implementations of strategic applications and systems, social media, cloud computing, mobile devices and emerging and changing risks. This role will also require working closely with the security specialist of the team to maximize the opportunity.

Audits include reviewing information technology processes across the company for efficiency, effectiveness, and adequacy of controls as well as monitoring compliance with company policies, procedures, regulations and master services agreements.


Duties and responsibilities this role may entail:

  • Participates in audit planning activities to develop audit scopes.
  • Design audit programs and test plans to determine the adequacy and effectiveness of internal controls and compliance with AGODA policies and procedures and applicable regulations.
  • Conduct interviews of select personnel and document and assess business processes and information systems to determine the adequacy of the control environment.
  • Conduct tests of information technology application and system processes and controls.
  • Demonstrate proficiency in applying information systems audit principles, skills and techniques.
  • Understand the financial, operational and compliance risks which affect information systems design.
  • Identify value-added recommendations and align with local and corporate management on corrective actions to address identified risks.
  • Prepare audit reports detailing recommendations to strengthen and improve the control environment.
  • Regulatory experience with PCI-DSS, SOX, GDPR, ISO 27001
  • Management experience
  • Ability to work proficiently with an agile, fast-paced Internet IT department is crucial
  • Great communication skills in both written and oral form
  • Meticulous eye for detail and ability to dissect complex problems into manageable sub-problems
  • Must be an excellent team player and always have an appetite to learn new things
  • Demonstrate sound IT auditing based on industry best practices and regulations


  • 7+ years of experience in an IT Auditing role 
  • 3+ years of experience in managing people and setting objectives and KPIs with deadlines for them
  • BS/BA, MIS or equivalent essential, MBA or other advanced degree desirable.
  • Professional certification such as CISA or equivalent desirable
  • Fluency in oral and written English is required, fluency in additional language(s) a plus.
  • Knowledge of applicable business laws and regulations required such as SOX, PCI, GRC, GDPR (highly desirable, but not essential)
  • Ability to present concisely in oral and written format to all levels of management.
  • Ability to analyze complex processes and to determine the efficiency and effectiveness of the process and related controls.
  • Working knowledge of MS Office Suite (Excel, Word, etc.) and flowcharting capability required. Data analytic tool experience preferred.
  • Experience with .Net framework environment, Scala, Java, DUO Security, Fortinet, F5, Microsoft,
  • It is preferable that the successful candidate comes from an Internet company and has direct experience working in a very fast-paced environment, where compliance needs to be agile to meet the challenges of frequently evolving company objectives.


