Assurity Trusted Solutions Pte Ltd
Cybersecurity Engineer (GRC Manager)
Assurity Trusted Solutions Pte LtdSingapore14 hours ago
ContractOther
Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade. ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, governance and assurance services as well as managed processes. In a dynamic digital & cyber landscape where trust & collaboration is key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

Responsibilities:

GRC leadership & 2nd line of defence

  • Act as the de facto lead for GRC, shaping how we govern risk and compliance across managed products and platforms within the team's remit
  • Operate as 2nd line of defence for ICT risk and controls providing independent challenge on risk, control design, and effectiveness
  • Partner closely with Product team to embed pragmatic security and compliance into day-to-day delivery

Security Plan governance and automation

  • Own the governance and standards for Security Plan submissions across CIOO and product teams - including templates, minimum evidence expectations, and quality benchmarks
  • Review Security Plans and supporting evidence, assess control coverage and implementation maturity, and Recommendation of Security Plan approvals to the stakeholders
  • Treat automation as an "always-on audit":
  • Collaborate with product and platform teams to define the Security Plan evidence that should be checked automatically
  • Use automated checks to surface gaps, anomalies, and missing evidence, and drive remediation with product teams
  • Track and report KPIs for Security Plan (e.g. coverage and consistency of controls, Security Plan cycle time, defect rates) across CIOO and product teams

ICT audit and evidence management

  • Design, implement, and own workflows for ICT audit, risk, and findings management.
  • Structure and maintain knowledge and documentation spaces as the source of truth for:
  • ICT audit plans, scopes, and procedures
  • Control descriptions and standard evidence templates
  • Central repositories of audit evidence and Security Plan artefacts
  • Plan and execute thematic and product-level ICT audits under the CISO's direction, independently assessing:
    • Whether required work has been completed
    • Whether evidence provided by product teams is sufficient and reliable
    • Coordinate with internal audit (3rd line) on ICT/security audit engagements, facilitate evidence collection, and track closure of findings in the issue-tracking system
    • Provide regular management reporting on audit status, key risks, and trends to CIOO leadership and the CISO

    Security policy ownership

  • Serve as author and custodian for key GovTech-wide security and technology policies under CIOO's remit, for example:
    • Sandbox usage (development / test environments)
    • AI coding practices and guardrails
    • SaaS usage, onboarding, and clearance requirements
    • Own the policy lifecycle: drafting, stakeholder consultation, impact assessment, approval routing, publication, and periodic review
    • Translate policy into clear, practical guidance for product teams (e.g. how to comply in the issue-tracking and collaboration platforms, what "good" evidence looks like, what patterns and exceptions are acceptable)
    • Monitor policy adoption and escalate material non-compliance or risk acceptances to the CISO where necessary

    Security Education, Training and Awareness (SeTA)

  • Lead SeTA for GovTech HQ in alignment with CIOO's cyber strategy and policies
  • Design and run targeted SeTA campaigns, including:
    • Phishing simulations and follow-up actions
    • Security newsletters tailored to different audiences (e.g. tech vs non-tech)
    • Brown-bag sessions / clinics to deep-dive into topics like SaaS usage, sandboxing, secure coding, and incident reporting
    • Define and track SeTA KPIs (e.g. phishing susceptibility, completion rates, engagement metrics) and use insights to continually refine content and focus areas

    Change management & stakeholder engagement

  • Champion a "new way of doing audit and GRC" using:
    • standard issue-tracking and collaboration tools as the primary systems of record for audit and evidence
    • automated controls and analytics for continuous, data-driven assurance
    • Influence and negotiate with senior stakeholders (Product Directors, Application Owners, central functions) to adopt and sustain these new practices
    • Communicate complex policy and risk topics in clear, outcome-focused language, tailored to both technical and non-technical audiences
    • Provide clear, actionable recommendations to the CISO and CIOO leadership on risk, remediation priorities, and structural improvements

    Requirements

  • At least 5 years of experience in Cybersecurity, preferably in a regulated or public-sector environment
  • Strong understanding of:
  • ICT governance and security controls across applications, infrastructure, and SaaS
  • How product teams work (SDLC, agile delivery, cloud/SaaS usage) and where to embed controls without blocking delivery
  • Comfortable acting as 2nd line of defence - providing independent challenge, validating evidence, and working constructively with 1st line teams and 3rd line internal audit
  • Practical experience with enterprise issue-tracking and collaboration platforms:
  • Designing or maintaining workflows, issue types, and dashboards for audit, risk, or compliance
  • Structuring spaces/pages for policies, standards, and evidence repositories
  • Strong policy writing skills - able to draft clear, concise policies and standards, and translate them into playbooks, checklists, and working-level guidance
  • Experience in security awareness and training:
    • Designing or running phishing simulations
    • Producing newsletters or comms
    • Delivering talks or briefings is a plus
    • Comfortable working with automation and AI-enabled tools (such as enterprise search platforms) to scale GRC and audit work
    • Excellent stakeholder management, influencing, and negotiation skills, with a track record of:
      • Leading change in how teams work (e.g. moving to issue-tracking- and collaboration-based evidence and audit)
      • Challenging assumptions respectfully
      • Finding pragmatic, risk-aware compromises
    Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!

    The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".

    We thank you for your interest and please note that only shortlisted candidates will be notified.

    By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS's privacy statement which can be found at: https://www.assurity.sg/ or such other successor site.

    Benefits

    • A wholly-owned subsidiary of GovTech
    • We promote a learning culture and encourage you to grow and learn
    • Contract Staff enjoys the same benefits as Permanent Employees

    Key Skills

    Ranked by relevance
    Apply