Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services authentication services governance and assurance services as well as managed a dynamic digital and cyber landscape where trust & collaboration are key ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech government agencies and commercial partners to mitigate cyber risks and bolster security postures.
Key Responsibilities:
Role Purpose: A practitioner who delivers rigorous threat-informed audit execution contributes to systemic analysis and supports WoG capability building. This is the foundational role where problem-framing instincts systems awareness and AI fluency are developed the entry point from which practitioners grow toward deeper specialisation in risk intelligence policy feedback or capability enablement.
PILLAR 1 AUDIT EXECUTION (The Engine)
Oversee 4 audits as audit manager within the fiscal year ensuring:
Coverage of critical risk areas informed bythreat intelligence and systems criticality
Problem framing at the scoping stage: structuring audit objectives as risk hypotheses rather than control checklists askingwhat could go wrong and whybefore askingis this control in place
Clear concise articulation of findings asrisk narrativesconnecting control gaps to broader exposure and downstream impact
Recommendations that addressroot causes not just surface deficiencies
Timely issuance of reports as per planned timelines
Apply data quality discipline during fieldwork using standardised taxonomies and structured data capture to ensure findings feed Pillar 2s PRISM engine. Recognise that every audit engagement is simultaneously an intelligence-generation activity.
Develop and apply threat-informed thinking across audit engagements building awareness beyond cyber controls to include:
Data risk: quality lineage and privacy dimensions
Resiliency risk: tested versus actual failover capability
Platform risk: third-party and supply chain dependencies
Practice risk: how processes actually operate under pressure versus how they are documented
Embrace AI and automation tools as core working methods:
Use the Unified Audit Automation Product (AI-generated work programs Automated Control Testing Generative Reporting QA automation) as standard practice
Provide structured feedback on tool effectiveness to the Technology & Analytics horizontal
Adopt anexperimentation mindset willingness to try new approaches learn from imperfect outputs and iterate
Score vendor performance on live engagements contributing to Pillar 3s PRIME framework.
PILLAR 2 AUDIT ANALYSIS (The Brain)
Contribute to the annual audit risk assessment and planning process by:
Identifying key risk trends across WoG referencing industry threat intelligence and cybersecurity reports
Developinghypothesis-driven audit objectivesaligned with identified risks
Creating audit plans with procedures timelines and resources
Participate in the systemic analysis of IM8 audits by:
Conducting analysis of IM8 audits from the preceding fiscal year looking forpatterns and shared root causesacross engagements
Contributing to analysis outputs with clear systemic implications
Presenting analysis results to GovTech Seniors
Contribute to the Policy Feedback Loop:
Provide evidence-based observations to Policy Developers on IM8 policy effectiveness
Frame observations aroundimplementation context and root causes
Support policy enhancement for emerging technology domains
Build pattern recognition as a deliberate skill: during every audit engagement actively ask Is what Im seeing here likely to exist elsewhere What systemic condition would produce this finding and route observations to Pillar 2s analysis function.
PILLAR 3 IT AUDIT CAPABILITY DEVELOPMENT (The Enabler)
Contribute to the operationalisation of risk-based auditing across WoG by:
Supporting training delivery to WoG auditors and agencies
Contributing to audit methodology maintenance and updates
Raising awareness through WoG briefings newsletters blogs and community engagement
Support the relevance of IM8 and audit methodology training ensuring alignment with current policy and emerging risk themes.
Identify opportunities for technology-enabled improvement:
Assess where AI automation and analytics can enhance audit work
Support distribution and adoption of CDAs Unified Audit Automation Product
Treat technology adoption as aniterative learning process
Stay current with emerging technologies threat vectors and trends in the audit and assurance profession building the practitioner depth that underpins credible threat-informed audit work.
Requirements
A degree in an IT-related discipline or equivalent qualification
Professional certifications such as CISA and cloud security certification are essential
A minimum of4 yearsof experience in the ICT field with at least2 yearsin ICT audit assurance and/or compliance management
Experience conducting audit fieldwork and understanding of regulatory compliance governance and internal controls
Experience in cyber security cloud application development or commercial public cloud platforms is advantageous
Mindset & Capabilities:
Problem Framing: Willingness and developing ability to frame audit work aroundwhat could go wrong and whyrather than defaulting to control checklists
Systems Thinking: Curiosity about how individual findings connect to broader conditions. Active habit of askingIs this likely to exist elsewhere What would cause this
Threat-Informed Perspective: Awareness that risk extends beyond traditional IT controls to include data resiliency platform and practice dimensions and willingness to develop depth across these areas
AI & Experimentation Fluency: Comfort using AI and automation tools as standard working methods. Willingness to try new approaches learn from imperfect outputs and iterate. Experience with data analytics audit automation or generative AI is a valuable addition
Learning Orientation: This role is the foundational development point for deeper specialisation candidates should demonstrate genuine curiosity and a growth mindset
Sound understanding of technology IT management processes technology risks and internal controls
Strong written and verbal communication skills
Ability to deliver high-quality thorough work with attention to detail
Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!
The remuneration package will commensurate with your qualifications and experience. Interested applicants please click Apply Now.
We thank you for your interest and please note that only shortlisted candidates will be notified.
By submitting your application you agree that your personal data may be collected used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS) GovTech and their service providers and agents in accordance with ATSs privacy statement which can be found at: or such other successor site.
Benefits
We promote a learning culture and encourage you to grow and learn.
Annual Leave Benefits with additional perks such as Family Care and Birthday Leave.
Working in a collaborative environment with helpful team members
Required Experience:
Manager
DescriptionAssurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services authentication services gov...
Description
Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services authentication services governance and assurance services as well as managed a dynamic digital and cyber landscape where trust & collaboration are key ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech government agencies and commercial partners to mitigate cyber risks and bolster security postures.
Key Responsibilities:
Role Purpose: A practitioner who delivers rigorous threat-informed audit execution contributes to systemic analysis and supports WoG capability building. This is the foundational role where problem-framing instincts systems awareness and AI fluency are developed the entry point from which practitioners grow toward deeper specialisation in risk intelligence policy feedback or capability enablement.
PILLAR 1 AUDIT EXECUTION (The Engine)
Oversee 4 audits as audit manager within the fiscal year ensuring:
Coverage of critical risk areas informed bythreat intelligence and systems criticality
Problem framing at the scoping stage: structuring audit objectives as risk hypotheses rather than control checklists askingwhat could go wrong and whybefore askingis this control in place
Clear concise articulation of findings asrisk narrativesconnecting control gaps to broader exposure and downstream impact
Recommendations that addressroot causes not just surface deficiencies
Timely issuance of reports as per planned timelines
Apply data quality discipline during fieldwork using standardised taxonomies and structured data capture to ensure findings feed Pillar 2s PRISM engine. Recognise that every audit engagement is simultaneously an intelligence-generation activity.
Develop and apply threat-informed thinking across audit engagements building awareness beyond cyber controls to include:
Data risk: quality lineage and privacy dimensions
Resiliency risk: tested versus actual failover capability
Platform risk: third-party and supply chain dependencies
Practice risk: how processes actually operate under pressure versus how they are documented
Embrace AI and automation tools as core working methods:
Use the Unified Audit Automation Product (AI-generated work programs Automated Control Testing Generative Reporting QA automation) as standard practice
Provide structured feedback on tool effectiveness to the Technology & Analytics horizontal
Adopt anexperimentation mindset willingness to try new approaches learn from imperfect outputs and iterate
Score vendor performance on live engagements contributing to Pillar 3s PRIME framework.
PILLAR 2 AUDIT ANALYSIS (The Brain)
Contribute to the annual audit risk assessment and planning process by:
Identifying key risk trends across WoG referencing industry threat intelligence and cybersecurity reports
Developinghypothesis-driven audit objectivesaligned with identified risks
Creating audit plans with procedures timelines and resources
Participate in the systemic analysis of IM8 audits by:
Conducting analysis of IM8 audits from the preceding fiscal year looking forpatterns and shared root causesacross engagements
Contributing to analysis outputs with clear systemic implications
Presenting analysis results to GovTech Seniors
Contribute to the Policy Feedback Loop:
Provide evidence-based observations to Policy Developers on IM8 policy effectiveness
Frame observations aroundimplementation context and root causes
Support policy enhancement for emerging technology domains
Build pattern recognition as a deliberate skill: during every audit engagement actively ask Is what Im seeing here likely to exist elsewhere What systemic condition would produce this finding and route observations to Pillar 2s analysis function.
PILLAR 3 IT AUDIT CAPABILITY DEVELOPMENT (The Enabler)
Contribute to the operationalisation of risk-based auditing across WoG by:
Supporting training delivery to WoG auditors and agencies
Contributing to audit methodology maintenance and updates
Raising awareness through WoG briefings newsletters blogs and community engagement
Support the relevance of IM8 and audit methodology training ensuring alignment with current policy and emerging risk themes.
Identify opportunities for technology-enabled improvement:
Assess where AI automation and analytics can enhance audit work
Support distribution and adoption of CDAs Unified Audit Automation Product
Treat technology adoption as aniterative learning process
Stay current with emerging technologies threat vectors and trends in the audit and assurance profession building the practitioner depth that underpins credible threat-informed audit work.
Requirements
A degree in an IT-related discipline or equivalent qualification
Professional certifications such as CISA and cloud security certification are essential
A minimum of4 yearsof experience in the ICT field with at least2 yearsin ICT audit assurance and/or compliance management
Experience conducting audit fieldwork and understanding of regulatory compliance governance and internal controls
Experience in cyber security cloud application development or commercial public cloud platforms is advantageous
Mindset & Capabilities:
Problem Framing: Willingness and developing ability to frame audit work aroundwhat could go wrong and whyrather than defaulting to control checklists
Systems Thinking: Curiosity about how individual findings connect to broader conditions. Active habit of askingIs this likely to exist elsewhere What would cause this
Threat-Informed Perspective: Awareness that risk extends beyond traditional IT controls to include data resiliency platform and practice dimensions and willingness to develop depth across these areas
AI & Experimentation Fluency: Comfort using AI and automation tools as standard working methods. Willingness to try new approaches learn from imperfect outputs and iterate. Experience with data analytics audit automation or generative AI is a valuable addition
Learning Orientation: This role is the foundational development point for deeper specialisation candidates should demonstrate genuine curiosity and a growth mindset
Sound understanding of technology IT management processes technology risks and internal controls
Strong written and verbal communication skills
Ability to deliver high-quality thorough work with attention to detail
Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!
The remuneration package will commensurate with your qualifications and experience. Interested applicants please click Apply Now.
We thank you for your interest and please note that only shortlisted candidates will be notified.
By submitting your application you agree that your personal data may be collected used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS) GovTech and their service providers and agents in accordance with ATSs privacy statement which can be found at: or such other successor site.
Benefits
We promote a learning culture and encourage you to grow and learn.
Annual Leave Benefits with additional perks such as Family Care and Birthday Leave.
Working in a collaborative environment with helpful team members
Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, authentication servic
... View more
Job Location:
Monthly Salary:
Posted on:
Vacancies:
