Audit Manager

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, authentication services, governance and assurance services as well as managed processes. In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

Key Responsibilities:

Role Purpose: A practitioner who delivers rigorous, threat-informed audit execution, contributes to systemic analysis, and supports WoG capability building. This is the foundational role where problem-framing instincts, systems awareness, and AI fluency are developed — the entry point from which practitioners grow toward deeper specialisation in risk intelligence, policy feedback, or capability enablement.

PILLAR 1 — AUDIT EXECUTION (The "Engine")

• Oversee 4 audits as audit manager within the fiscal year, ensuring:
• Coverage of critical risk areas informed by threat intelligence and systems criticality
• Problem framing at the scoping stage: structuring audit objectives as risk hypotheses rather than control checklists — asking "what could go wrong and why" before asking "is this control in place"
• Clear, concise articulation of findings as risk narratives connecting control gaps to broader exposure and downstream impact
• Recommendations that address root causes, not just surface deficiencies
• Timely issuance of reports as per planned timelines

• Apply data quality discipline during fieldwork — using standardised taxonomies and structured data capture to ensure findings feed Pillar 2's PRISM engine. Recognise that every audit engagement is simultaneously an intelligence-generation activity.
• Develop and apply threat-informed thinking across audit engagements, building awareness beyond cyber controls to include:
• Data risk: quality, lineage, and privacy dimensions
• Resiliency risk: tested versus actual failover capability
• Platform risk: third-party and supply chain dependencies
• Practice risk: how processes actually operate under pressure versus how they are documented

• Embrace AI and automation tools as core working methods:
• Use the Unified Audit Automation Product (AI-generated work programs, Automated Control Testing, Generative Reporting, QA automation) as standard practice
• Provide structured feedback on tool effectiveness to the Technology & Analytics horizontal
• Adopt an experimentation mindset — willingness to try new approaches, learn from imperfect outputs, and iterate

• Score vendor performance on live engagements, contributing to Pillar 3's PRIME framework.

PILLAR 2 — AUDIT ANALYSIS (The "Brain")

• Contribute to the annual audit risk assessment and planning process by:
• Identifying key risk trends across WoG, referencing industry threat intelligence and cybersecurity reports
• Developing hypothesis-driven audit objectives aligned with identified risks
• Creating audit plans with procedures, timelines, and resources

• Participate in the systemic analysis of IM8 audits by:
• Conducting analysis of IM8 audits from the preceding fiscal year, looking for patterns and shared root causes across engagements
• Contributing to analysis outputs with clear systemic implications
• Presenting analysis results to GovTech Seniors

• Contribute to the Policy Feedback Loop:
• Provide evidence-based observations to Policy Developers on IM8 policy effectiveness
• Frame observations around implementation context and root causes
• Support policy enhancement for emerging technology domains

• Build pattern recognition as a deliberate skill: during every audit engagement, actively ask "Is what I'm seeing here likely to exist elsewhere? What systemic condition would produce this finding?" — and route observations to Pillar 2's analysis function.

PILLAR 3 — IT AUDIT CAPABILITY DEVELOPMENT (The "Enabler")

• Contribute to the operationalisation of risk-based auditing across WoG by:
• Supporting training delivery to WoG auditors and agencies
• Contributing to audit methodology maintenance and updates
• Raising awareness through WoG briefings, newsletters, blogs, and community engagement

• Support the relevance of IM8 and audit methodology training, ensuring alignment with current policy and emerging risk themes.
• Identify opportunities for technology-enabled improvement:
• Assess where AI, automation, and analytics can enhance audit work
• Support distribution and adoption of CDA's Unified Audit Automation Product
• Treat technology adoption as an iterative learning process

• Stay current with emerging technologies, threat vectors, and trends in the audit and assurance profession — building the practitioner depth that underpins credible, threat-informed audit work.

Requirements:
• A degree in an IT-related discipline or equivalent qualification
• Professional certifications such as CISA and cloud security certification are essential
• A minimum of 4 years of experience in the ICT field, with at least 2 years in ICT audit, assurance, and/or compliance management
• Experience conducting audit fieldwork and understanding of regulatory compliance, governance, and internal controls
• Experience in cyber security, cloud application development, or commercial public cloud platforms is advantageous

• Mindset & Capabilities:

• Problem Framing: Willingness and developing ability to frame audit work around "what could go wrong and why" rather than defaulting to control checklists
• Systems Thinking: Curiosity about how individual findings connect to broader conditions. Active habit of asking "Is this likely to exist elsewhere? What would cause this?"
• Threat-Informed Perspective: Awareness that risk extends beyond traditional IT controls to include data, resiliency, platform, and practice dimensions — and willingness to develop depth across these areas
• AI & Experimentation Fluency: Comfort using AI and automation tools as standard working methods. Willingness to try new approaches, learn from imperfect outputs, and iterate. Experience with data analytics, audit automation, or generative AI is a valuable addition
• Learning Orientation: This role is the foundational development point for deeper specialisation — candidates should demonstrate genuine curiosity and a growth mindset
• Sound understanding of technology, IT management processes, technology risks, and internal controls
• Strong written and verbal communication skills
• Ability to deliver high-quality, thorough work with attention to detail

Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!

The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".

We thank you for your interest and please note that only shortlisted candidates will be notified.

By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS’s privacy statement which can be found at: https://www.assurity.sg/privacy.html or such other successor site.

Benefits:
• We promote a learning culture and encourage you to grow and learn.
• Annual Leave Benefits with additional perks such as Family Care and Birthday Leave.
• Working in a collaborative environment with helpful team members