Assurity Trusted Solutions (ATS) is a wholly owned subsidiary of the Government Technology Agency (GovTech). As a Trusted Partner over the last decade, ATS offers a comprehensive suite of products and services ranging from infrastructure and operational services to governance and assurance services and managed processes. In a dynamic digital & cyber landscape where trust & collaboration are key, ATS continues to drive mutually beneficial business outcomes through collaboration with GovTech, government agencies and commercial partners to mitigate cyber risks and bolster security postures.
Responsibilities:
GRC leadership & 2nd line of defence
- Act as the de facto lead for GRC, shaping how we govern risk and compliance across managed products and platforms within the team’s remit.
- Operate as 2nd line of defence for ICT risk and controls providing independent challenge on risk, control design, and effectiveness.
- Partner closely with Product team to embed pragmatic security and compliance into day-to-day delivery.
Security Plan governance and automation
- Own the governance and standards for Security Plan submissions across CIOO and product teams – including templates, minimum evidence expectations, and quality benchmarks.
- Review Security Plans and supporting evidence, assess control coverage and implementation maturity, and recommend Security Plan approvals to the stakeholders.
- Treat automation as an “always-on audit”:
  - Collaborate with product and platform teams to define the Security Plan evidence that should be checked automatically.
  - Use automated checks to surface gaps, anomalies, and missing evidence, and drive remediation with product teams.
- Track and report KPIs for Security Plan (e.g. coverage and consistency of controls, Security Plan cycle time, defect rates) across CIOO and product teams.
ICT audit and evidence management
- Design, implement, and own workflows for ICT audit, risk, and findings management.
- Structure and maintain knowledge and documentation spaces as the source of truth for:
  - ICT audit plans, scopes, and procedures
  - Control descriptions and standard evidence templates
  - Central repositories of audit evidence and Security Plan artefacts
- Plan and execute thematic and product-level ICT audits under the CISO’s direction, independently assessing:
  - Whether required work has been completed
  - Whether evidence provided by product teams is sufficient and reliable
- Coordinate with internal audit (3rd line) on ICT/security audit engagements, facilitate evidence collection, and track closure of findings in the issue-tracking system.
- Provide regular management reporting on audit status, key risks, and trends to CIOO leadership and the CISO.
Security policy ownership
- Serve as author and custodian for key GovTech-wide security and technology policies under CIOO’s remit, for example:
  - Sandbox usage (development / test environments)
  - AI coding practices and guardrails
  - SaaS usage, onboarding, and clearance requirements
- Own the policy lifecycle: drafting, stakeholder consultation, impact assessment, approval routing, publication, and periodic review.
- Translate policy into clear, practical guidance for product teams (e.g. how to comply in the issue-tracking and collaboration platforms, what “good” evidence looks like, what patterns and exceptions are acceptable).
- Monitor policy adoption and escalate material non-compliance or risk acceptances to the CISO where necessary.
Security Education, Training and Awareness (SeTA)
- Lead SeTA for GovTech HQ in alignment with CIOO’s cyber strategy and policies.
- Design and run targeted SeTA campaigns, including:
  - Phishing simulations and follow-up actions
  - Security newsletters tailored to different audiences (e.g. tech vs non-tech)
  - Brown-bag sessions / clinics to deep-dive into topics like SaaS usage, sandboxing, secure coding, and incident reporting.
- Define and track SeTA KPIs (e.g. phishing susceptibility, completion rates, engagement metrics) and use insights to continually refine content and focus areas.
Change management & stakeholder engagement
- Champion a “new way of doing audit and GRC” using:
  - standard issue-tracking and collaboration tools as the primary systems of record for audit and evidence
  - automated controls and analytics for continuous, data-driven assurance
- Influence and negotiate with senior stakeholders (Product Directors, Application Owners, central functions) to adopt and sustain these new practices.
- Communicate complex policy and risk topics in clear, outcome-focused language, tailored to both technical and non-technical audiences.
- Provide clear, actionable recommendations to the CISO and CIOO leadership on risk, remediation priorities, and structural improvements.
Requirements
- At least 5 years of experience in Cybersecurity, preferably in a regulated or public-sector environment.
- Strong understanding of:
  - ICT governance and security controls across applications, infrastructure, and SaaS
  - How product teams work (SDLC, agile delivery, cloud/SaaS usage) and where to embed controls without blocking delivery.
- Comfortable acting as 2nd line of defence – providing independent challenge, validating evidence, and working constructively with 1st line teams and 3rd line internal audit.
- Practical experience with enterprise issue-tracking and collaboration platforms:
  - Designing or maintaining workflows, issue types, and dashboards for audit, risk, or compliance
  - Structuring spaces/pages for policies, standards, and evidence repositories
- Strong policy writing skills – able to draft clear, concise policies and standards, and translate them into playbooks, checklists, and working-level guidance.
- Experience in security awareness and training:
  - Designing or running phishing simulations
  - Producing newsletters or comms
  - Delivering talks or briefings is a plus.
- Comfortable working with automation and AI-enabled tools (such as enterprise search platforms) to scale GRC and audit work.
- Excellent stakeholder management, influencing, and negotiation skills, with a track record of:
  - Leading change in how teams work (e.g. moving to issue-tracking- and collaboration-based evidence and audit)
  - Challenging assumptions respectfully
  - Finding pragmatic, risk-aware compromises.
Join us and discover a meaningful and exciting career with Assurity Trusted Solutions!
The remuneration package will be commensurate with your qualifications and experience. Interested applicants, please click "Apply Now".
We thank you for your interest and please note that only shortlisted candidates will be notified.
By submitting your application, you agree that your personal data may be collected, used and disclosed by Assurity Trusted Solutions Pte. Ltd. (ATS), GovTech and their service providers and agents in accordance with ATS’s privacy statement which can be found at: https://www.assurity.sg/ or such other successor site.
Benefits
- A wholly-owned subsidiary of GovTech.
- We promote a learning culture and encourage you to grow and learn.
- Contract staff enjoy the same benefits as permanent employees.