[What the role is]
GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.[What you will be working on]
Develop and customise audit programmes / security audit checklists to assess the design and operating effectiveness of internal controls in mitigating IT risks.
Plan, develop and conduct annual policy compliance and process audits, technical audits on critical systems and infrastructure.
Manage auditee interactions, including briefings, conduct of audit fieldwork, management responses and follow-up actions to ensure on-time and on-target execution of audit plans.
Review audit findings and assess overall state of ICT governance and risks.
Work with auditees at the working and management levels to assess the state of internal processes and controls and identify recommendations to address the gaps.
Monitor and validate audit findings to ensure control remediation is effective and root causes have been addressed.
Manage outsourced IT audits, including VAPT where necessary, from Procurement of audit services, audit planning to completion and payment verification. The role includes taking on the role of IT Audit Point in Contact which includes being the 1st escalation point of contact for outsourced IT auditors and auditees to resolve any engagement issues, participating in Audit Planning, issue discussion, and opening/closing audit meetings and other meetings assessed necessary.
Summarize results of IT audits for management reporting including proper disposition of test exceptions and follow up.
Recommend improvements to IT security and controls, governance, and risk management processes to the organisation.
Leverage expertise to contribute to Internal Audit transformation initiatives (e.g. onboard of AGEM, Continuous Auditing, etc) and on operationalising IM8 requirements, including data management and storage.
Contribute to integrated audits.
[What we are looking for]
Degree in IT discipline, or equivalent.
Possess related professional certifications such as Certified Information Systems Auditor (CISA) and cloud security certification.
Minimum 5years in ICT audit and/or compliance management. Audit experience and knowledge relating to cyber security, network and infrastructure, cloud security and virtualisation, application security and development, data privacy and protection, and/or business continuity and disaster recovery would be a plus.
Prior experience leading audits and conducting audit fieldwork and has good working knowledge and understanding of regulatory compliance, governance and internal controls. Experience in the use of data analytics in fieldwork would be preferred.
Prior experience in managing people including providing performance feedback would be a bonus.
Strong understanding of technology, IT management processes, technology risks and internal controls. Have basic understanding in prompt engineering and constant use of AI in delivery of the work.
Able to deliver quality and thorough work, with eye for details.
Good written and verbal communication and presentation skills.
GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe it is key to innovation.
Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks.
We champion flexible work arrangements (subject to your job role) and trust you to manage your time to deliver your best.
Learn more about life inside GovTech at go.gov.sg/GovTechCareers