IT GRC Manager - Cybersecurity - Singpass
About the role
Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services to governance and assurance services, as well as managed processes. In a dynamic digital and cyber landscape where trust and collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

What you will be working on:

We secure Singpass, Singapore's national digital identity system, one of the most critical and widely used digital platforms in the country and a recognised leader in the global digital identity space. Singpass enables authentication, authorisation, digital signatures, corporate identity (Corppass), government-verified data sharing (Myinfo), and secure transactions across both government and private-sector services.

Working on Singpass means operating at the intersection of risk management, business operations and innovation. You will be part of a dynamic, cross-functional team, reporting to the Singpass Chief Governance and Risk Officer, that collaborates closely with Security, Engineering, Policy, Product and other specialist teams to ensure our platform meets the highest standards of risk management, compliance and security. This role demands rigorous adherence to statutory requirements such as IM8, alongside international standards including WebTrust, whilst maintaining our position as a trusted digital identity leader. Risk identification and compliance management are non-negotiable aspects of this role.
We seek an individual with high aspirations and the independence to proactively identify emerging risks and operational risks, drive compliance initiatives through automation, and contribute to the continuous enhancement of our risk management framework. Your work will directly impact millions of users who rely on Singpass for secure digital interactions, making this both a challenging and rewarding opportunity to strengthen Singapore's digital future.

Responsibilities:

- Function in a small but agile team, supporting a Certificate Authority Infrastructure system.
- Establish risk oversight and maintain hands-on involvement in developing processes and ensuring they are compliant for a Public Key Infrastructure system.
- Establish key risks and control metrics to measure success for stakeholder reporting.
- Apply systems thinking to understand how controls interact across processes, platforms, and teams, moving beyond theoretical requirements to practical implementation.
- Translate risk governance requirements into actionable solutions that prioritise stakeholder experience, ensuring appropriate governance without hindering operational velocity and innovation. This is a key aspect of the role.
- Collaborate with teams across different domains in the implementation of practical solutions.
- Serve as a risk and compliance advisor to the project team and project stakeholders, providing guidance on risk scenarios.
- Conduct risk assessments and ensure that cybersecurity and operational risks are effectively identified, assessed, and mitigated.
- Prepare and lead the team to succeed in audits. You will be expected to be familiar with the team's compliance and risk posture, front the audits and guide the team effectively in addressing the Auditor's Requests For Information.
- Support stakeholders such as the CISO in providing guidance on risk and compliance controls, risk training programmes, etc.
- Contribute to enhancing and optimising Risk Management frameworks, including how the collection of compliance and risk metrics could be automated and their relevance maintained.
- Develop and maintain Risk and Compliance documentation, runbooks and training materials with the project team.
- Keep yourself updated with industry best practices and government policies, and translate them into actionable items to continuously improve the Risk & Compliance posture of the system.

Specialised Technical Expertise:

You should possess deep knowledge of cybersecurity risk frameworks, operational risk management methodologies, and technology risk assessment techniques. For this role, deep knowledge of or hands-on experience in WebTrust for Certificate Authority will be highly valued. Experience with risk management methodologies such as FAIR, ISO 27005 and NIST SP 800-30, and operational risk models is essential. Understanding of cloud security, data protection, and emerging technology risks will be required. You must demonstrate pragmatic controls design capabilities and comfort operating in imperfect integration environments.

Strategic and Analytical Capabilities:

Strong analytical thinking and structured problem-solving abilities are crucial, along with the capacity to synthesise