Senior/IT Auditor

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, authentication services, governance and assurance services as well as managed processes. In a dynamic digital and cyber landscape, where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

Key Responsibilities: Audit Planning & Programme Development • Develop customised audit programmes and security checklists to assess internal controls for IT risks, emphasising data privacy, IM8 compliance, and emerging technologies including cloud services and AI systems. • Plan annual audits and technical assessments of critical systems and infrastructure, utilising risk-based methodologies and continuous monitoring approaches. • Manage outsourced audit resources and specialist expertise to deliver committed audit deliverables whilst maintaining quality standards.

Audit Execution & Fieldwork • Conduct comprehensive ICT&SS audits for agencies designated by Central Digital Assurance (CDA), focusing on data security and privacy controls, security frameworks, and hybrid cloud environments. • Execute in-depth audits of government systems up to Secret classification, evaluating sensitive personal data handling, AI governance, and zero trust architecture implementation. • Manage agency relationships throughout audit lifecycle, from briefings to fieldwork execution, ensuring timely delivery through effective stakeholder engagement.

Risk Assessment & Strategic Analysis • Evaluate agencies' ICT governance maturity and risk posture, particularly regarding data privacy compliance, security controls, third-party risks, and cyber resilience against evolving threats including AI Governance. • Formulate strategic mitigation plans to strengthen ICT governance, data privacy frameworks, data sharing compliance, and privacy-by-design implementation across government systems.

Follow-up & Continuous Monitoring • Perform follow-up audits and validation of remediation efforts to ensure effective control implementation and root cause resolution. • Maintain central audit findings repository and monitor remediation progress using analytics to support continuous improvement initiatives.