IT GRC Manager - Cybersecurity - Singpass

Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade. ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services, governance and assurance services as well as managed processes. In a dynamic digital & cyber landscape where trust & collaboration is key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.

What you will be working on:

We secure Singpass, Singapore's national digital identity system—one of the most critical and widely used digital platforms in the country and a recognised leader in the global digital identity space. Singpass enables authentication, authorisation, digital signatures, corporate identity (Corppass), government-verified data sharing (Myinfo), and secure transactions across both government and private-sector services.

Working on Singpass means operating at the intersection of risk management, business operations and innovation. You will be part of a dynamic, cross-functional team reporting to the Singpass Chief Governance and Risk Offer, that collaborates closely with Security, Engineering, Policy, Product and other specialist teams to ensure our platform meets the highest standards of risk management, compliance and security. This role demands rigorous adherence to statutory requirements such as IM8, alongside international standards including WebTrust, whilst maintaining our position as a trusted digital identity leader.

Risk identification and compliance management are non-negotiable aspects of this role. We seek an individual with high aspirations and the independence to proactively identify emerging risks, operational risks and drive compliance initiatives through automation, and contribute to the continuous enhancement of our risk management framework.

Your work will directly impact millions of users who rely on Singpass for secure digital interactions, making this both a challenging and rewarding opportunity to strengthen Singapore's digital future.

Responsibilities:

• Function in a small but agile team, supporting a Certificate Authority Infrastructure system
• Be required to establish Risk Oversight & maintaining hands-on involvement in developing and ensuring processes are compliant for a Public Key Infrastructure system
• Need to Establish Key risks and control metrics to measure success for stakeholder reporting
• Apply systems thinking to understand how controls interact across processes, platforms, and teams, moving beyond theoretical requirements to practical implementation. A key aspect of your role involves translating risk governance requirements into actionable solutions that prioritise stakeholder experience, ensuring appropriate governance without hindering operational velocity and innovation.
• Need to collaborate with teams across different domains in the implementation of practical solutions
• Serve as a risk and compliance advisor to the project team, project stakeholders, providing guidance on risk scenarios
• Need to be able to conduct risk assessments and ensuring that cybersecurity and operational risks are effectively identified, assessed, and mitigated.
• Be expected to prepare and lead the team to succeed in audits. You will be expected to be familiar with the team’s compliance and risk posture, front the audits and guide the team effectively in addressing Auditor’s Request For Information.
• Support stakeholder such as the CISO in providing guidance in risk and compliance controls, risk training programmes, etc
• Contribute to enhancing and optimising Risk Management frameworks, including how collection compliance and risk metrics could be automated and maintained their relevance
• Develop and maintain Risk and Compliance documentation & runbooks with the project team and training materials.
• Be required to keep yourself updated with industries best practices and government policies and translate them into actionable items to continuously improve the Risk & Compliance posture of the system

• Specialised Technical Expertise: You should possess deep knowledge of cybersecurity risk frameworks, operational risk management methodologies, and technology risk assessment techniques. For this role, deep knowledge or hands-on experience in WebTrust for Certificate Authority will be highly valued. Experience with risk management methodologies such as FAIR, ISO 27005 and NIST SP 800-30, and operational risk models is essential. Understanding of cloud security, data protection, and emerging technology risks will be required. You must demonstrate pragmatic controls design capabilities and comfort operating in imperfect integration environments.
• Strategic and Analytical Capabilities: Strong analytical thinking and structured problem-solving abilities are crucial, along with the capacity to synthesise complex information into actionable insights. You should demonstrate experience in developing risk strategies, conducting scenario analysis, and presenting risk assessments to senior leadership. Proficiency in risk modelling tools and techniques, combined with systems thinking across business, technology, and risk domains, is expected. The ability to translate technical risks into business impact terms is essential.
• Leadership and Communication Skills: Excellent stakeholder management abilities are essential, particularly in engaging with senior leadership, CISOs, and cross-functional teams. You should be comfortable presenting to executive audiences and possess strong written communication skills for developing policies and risk reports. Strong leadership capability to drive systemic change and influence without relying solely on direct authority is critical, along with the ability to build consensus across diverse stakeholder groups.
• Experience and Qualifications: A minimum of 4 to 6 years of progressive experience in risk management, with significant exposure to cybersecurity and operational risk domains. Experience in technology organisations, government agencies, or regulated industries would be advantageous. Professional certifications such as Open FAIR, CISSP or CRISC preferred.

Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!

The remuneration package will commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".

We thank you for your interest and please note that only shortlisted candidates will be notified.

By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS’s privacy statement which can be found at:  https://www.assurity.sg/  or such other successor site.

• A wholly-owned subsidiary of GovTech.
• An attractive yearly training budget and annual performance bonus.