Lead Audit Manager
About the role
Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, authentication services, governance and assurance services as well as managed processes. In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

Key Responsibilities:

Role Purpose: A senior practitioner-leader who ensures CDA's audit engine generates high-fidelity intelligence, the analysis brain produces actionable systemic insights, and the capability enabler builds sustainable WoG IT audit capacity. Operates as a systems thinker who sees how audit execution, risk intelligence, policy feedback, and capability uplift form a single integrated loop - and takes accountability for keeping that loop functioning.

PILLAR 1 - AUDIT EXECUTION

- Oversee a portfolio of a minimum of 10 IM8 audits as portfolio manager and 4 audits as audit manager within the fiscal year, ensuring:
  - Coverage of critical risk areas informed by threat intelligence and systems criticality, not solely by compliance checklists
  - Problem framing at the scoping stage: defining audit objectives around "what could go wrong and why" rather than "what controls exist", applying a risk-based lens that interrogates root causes and systemic conditions
  - Clear, concise articulation of audit findings framed as risk narratives - connecting individual control gaps to broader systemic exposure, downstream dependencies, and potential cascading impact
  - Recommendations that address root causes and systemic conditions, not merely surface-level control deficiencies, enhancing the organisation's risk management posture
  - Timely issuance of reports as per planned timelines
- Enforce data standardisation and structured taxonomy during fieldwork to ensure findings are "machine-readable" and immediately ingestible by Pillar 2's PRISM engine - understanding that the quality of systemic intelligence is bounded by the quality of data generated at the execution layer.
- Supervise vendor engagement with a dual lens:
  - Day-to-day management of outsourced auditors on live engagements
  - Performance scoring that feeds Pillar 3's PRIME vendor ecosystem management, ensuring the "Capability Flow" loop (Pillar 3 → Pillar 1) is grounded in real performance data
- Apply threat-informed thinking across the full risk landscape during audit execution - not limited to cyber controls, but extending to:
  - Data risk: quality degradation, lineage failures, privacy exposure from dataset combination
  - Resiliency risk: failover architectures tested annually but changed continuously
  - Platform risk: supply chain vulnerabilities in cloud providers, third-party components, and AI APIs
  - Practice risk: the gap between how processes are designed and how they are actually executed under deadline pressure
- Champion experimentation with AI and automation tools during audit execution:
  - Actively use and provide feedback on the Unified Audit Automation Product (AI-generated risk-based work programs, Automated Control Testing, Generative Reporting, QA automation)
  - Identify where manual audit steps can be replaced or augmented by AI, and work with the Technology & Analytics horizontal to iterate on tooling
  - Model comfort with imperfect-but-improving AI outputs, treating tool adoption as an iterative learning process rather than a binary deployment decision

PILLAR 2 - AUDIT ANALYSIS

- Co-lead the annual audit risk assessment and planning process by:
  - Applying systems thinking to identify and prioritise key risk trends across WoG - looking beyond individual agency findings to spot interconnected risks, shared vulnerabilities, and common root causes
  - Referencing industry threat intelligence, cybersecurity reports, and emerging technology trends to frame audit objectives around where the threat landscape is moving, not where it was
  - Developing audit objectives that are explicitly hypothesis-driven: "We believe X risk is systemic because of Y signals - this audit will test that hypothesis"
  - Creating audit plans that articulate procedures, timelines, and resources aligned to risk hypotheses
- Co-lead the systemic analysis of IM8 audits by:
  - Conducting cross-portfolio analysis of IM8 audits from the preceding fiscal year, using PRISM and other analytical tools to identify patterns, correlations, and systemic root causes that individual audit reports cannot surface
  - Framing analysis outputs as actionable intelligence - not merely "here is what we found" but "here is what this means for WoG risk posture, and here is what should change"
  - Presenting analysis results to GovTech Seniors with clear articulation of systemic implications and recommended interventions
- Operate the