Audit Manager

About the role

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, authentication services, governance and assurance services as well as managed processes. In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures. Key Responsibilities: Role Purpose: A practitioner who delivers rigorous, threat-informed audit execution, contributes to systemic analysis, and supports WoG capability building. This is the foundational role where problem-framing instincts, systems awareness, and AI fluency are developed - the entry point from which practitioners grow toward deeper specialisation in risk intelligence, policy feedback, or capability enablement. PILLAR 1 - AUDIT EXECUTION (The "Engine") Oversee 4 audits as audit manager within the fiscal year, ensuring: Coverage of critical risk areas informed by threat intelligence and systems criticality Problem framing at the scoping stage : structuring audit objectives as risk hypotheses rather than control checklists - asking "what could go wrong and why" before asking "is this control in place" Clear, concise articulation of findings as risk narratives connecting control gaps to broader exposure and downstream impact Recommendations that address root causes , not just surface deficiencies Timely issuance of reports as per planned timelines Apply data quality discipline during fieldwork - using standardised taxonomies and structured data capture to ensure findings feed Pillar 2's PRISM engine. Recognise that every audit engagement is simultaneously an intelligence-generation activity. Develop and apply threat-informed thinking across audit engagements, building awareness beyond cyber controls to include: Data risk : quality, lineage, and privacy dimensions Resiliency risk : tested versus actual failover capability Platform risk : third-party and supply chain dependencies Practice risk : how processes actually operate under pressure versus how they are documented Embrace AI and automation tools as core working methods : Use the Unified Audit Automation Product (AI-generated work programs, Automated Control Testing, Generative Reporting, QA automation) as standard practice Provide structured feedback on tool effectiveness to the Technology & Analytics horizontal Adopt an experimentation mindset - willingness to try new approaches, learn from imperfect outputs, and iterate Score vendor performance on live engagements, contributing to Pillar 3's PRIME framework. PILLAR 2 - AUDIT ANALYSIS (The "Brain") Contribute to the annual audit risk assessment and planning process by: Identifying key risk trends across WoG, referencing industry threat intelligence and cybersecurity reports Developing hypothesis-driven audit objectives aligned with identified risks Creating audit plans with procedures, timelines, and resources Participate in the systemic analysis of IM8 audits by: Conducting analysis of IM8 audits from the preceding fiscal year, looking for patterns and shared root causes across engagements Contributing to analysis outputs with clear systemic implications Presenting analysis results to GovTech Seniors Contribute to the Policy Feedback Loop : Provide evidence-based observations to Policy Developers on IM8 policy effectiveness Frame observations around implementation context and root causes Support policy enhancement for emerging technology domains Build pattern recognition as a deliberate skill : during every audit engagement, actively ask "Is what I'm seeing here likely to exist elsewhere? What systemic condition would produce this finding?" - and route observations to Pillar 2's analysis function. PILLAR 3 - IT AUDIT CAPABILITY DEVELOPMENT (The "Enabler") Contribute to the operationalisation of risk-based auditing across WoG by: Supporting training delivery to WoG auditors and agencies Contributing to audit methodology maintenance and updates Raising awareness through WoG briefings, newsletters, blogs, and community engagement Support the relevance of IM8 and audit methodology training , ensuring alignment with current policy and emerging risk themes. Identify opportunities for technology-enabled improvement : Assess where AI, automation, and analytics can enhance audit work Support distribution and adoption of CDA's Unified Audit Automation Product Treat technology adoption as an iterative learning process Stay current with emerging technologies, threat vectors, and trends in the audit and assurance profession - building the practitioner depth that underpins credible, threat-informed audit work. A degree in an IT-related discipline or equivalent qualification Profession