Tirayut Sripeamlap | ACIS Professional Center Co., Ltd.

Tirayut Sripeamlap

Senior Director
CEPAS DPO, IRCA ISO/IEC 27001 Lead Auditor

Tirayut Sripeamlap has over 27 years of working experiences. Prior to joining ACIS, he started his career as an editor in financial services industry. He also had experience in project management. Since 2008, he has joined ACIS during which he has been involved in a number of information security related projects such as ISMS implementation, GRC implementation and maturity assessment. He is proficient in the areas of information security management, risk management, information privacy, IT governance risk and compliance.

  • Bachelor of Business Administration, Assumption Business Administration College
  • Part-time Lecturer, Rangsit University
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • COBIT 5 Assessor
  • COBIT 5 Implementation
  • COBIT 5 Foundation
  • PECB Certified ISO/IEC 27001 Lead Implementer
  • ISMS Auditor/Lead Auditor (Transition to ISO/IEC 27001:2013) Training
  • Established information security management system (ISMS) or part of information security management program in accordance with international standard and leading practice such as ISO 27001 which key components including risk assessment process, risk treatment process, control design and implementation.
  • Established framework for the governance of enterprise IT within the organization in accordance with international standard and leading practice such as ISO 38500 and COBIT which key components including evaluation, direction and monitoring.
  • Performed compliance review of existing management systems, processes or frameworks, identified gap and made pragmatic recommendation to meet the requirement of international standard or leading practice such as ISO 27001, ISO 20000 and ISO 22301.
  • Conducted training to clients in the areas of information security or related (e.g., assurance, cloud computing and big data, forensics, governance risk and compliance, information security, project and program management and software security).