Description

Temasek is a global investment company headquartered in Singapore, with a net portfolio value of S$434 billion (US$324 billion, €299 billion, £250 billion, and RMB2.35 trillion) as at 31 March 2025. Marking our unlisted assets to market would provide S$35 billion of value uplift and bring our mark to market net portfolio value to S$469 billion.

Our Purpose So Every Generation Prospers guides us to make a difference for today's and future generations.

Operating on commercial principles, we seek to deliver sustainable returns over the long term.

We have 13 offices in 9 countries around the world: Beijing, Hanoi, Mumbai, Shanghai, Shenzhen, and Singapore in Asia; and Brussels, London, Mexico City, New York, Paris, San Francisco, and Washington, DC outside Asia.

For more information on Temasek, please visit www.temasek.com.sg .
For Temasek Review 2025, please visit www.temasekreview.com.sg .
For Sustainability Report 2025, please visit https://www.temasek.com.sg/content/dam/temasek-corporate/sustainability/2025/Temasek-Sustainability-Report-2025.pdf .

Introduction

Role Purpose: We are seeking an experienced IT Auditor on a contract basis to support the execution of risk-based technology, data, AI, and cybersecurity audits. The role is hands-on, execution-focused, and suited to a candidate who can work independently with minimal supervision.

Scope of Role: Audit assignments will vary depending on the annual audit plan and emerging risk priorities, and may include personal data protection, data governance and security, AI governance and security, application security, infrastructure, and network security.

Responsibilities

Audit Execution and Assurance

• Independently plan and execute risk-based IT, data, AI, and cybersecurity audits across business processes, applications, platforms, and infrastructure.
• Support integrated and thematic audits that cut across business, data, technology, and security domains.
• Perform walkthroughs, control design reviews, and operating effectiveness testing.
• Identify control gaps, assess root causes, and evaluate residual and systemic risks.
• Develop clear, defensible audit workpapers in line with internal audit standards and professional practices.

Technology, Data and Security Risk Coverage

The role may include assessing controls and risks across the following areas:

• Personal Data & Privacy
  • Data lifecycle management (collection, use, disclosure, retention, disposal)
  • Data protection impact assessments (DPIAs)
  • Access controls, encryption, logging, and monitoring

• Data Governance & Security
  • Data governance and accountability frameworks
  • Data classification and secure handling
  • Data access governance across platforms
  • Data quality, lineage, and integrity
  • Data leakage prevention and monitoring
  • GenAI data governance, including training data controls and usage safeguards

• AI Governance & Application Security
  • AI governance, oversight, and use-case lifecycle management
  • Security and technology risk controls over AI and GenAI systems
  • AI application security testing, including:
    • Review of model access controls, APIs, and integrations
    • Identification of risks such as prompt injection, data leakage, insecure model access, and third-party dependency risks
  • Alignment with secure SDLC practices, architectural guardrails, and third-party AI governance

• Infrastructure, Network & External Exposure Security
  • Network and wireless security
  • Host configuration, hardening, and patch management
  • Firewalls, segmentation, and security monitoring
  • Security reviews of corporate websites and externally exposed services

Reporting and Stakeholder Engagement

• Produce concise, management-ready audit reports with practical, risk-focused recommendations.
• Communicate complex technology, data, and AI risks in clear business terms.
• Work effectively with IT, data, security, and business stakeholders while maintaining auditor independence.
• Track remediation actions and validate closure of audit issues.

Requirements

• 3-5+ years experience in IT audit, technology risk, cybersecurity, or related roles.
• Strong hands-on audit execution experience across data, AI, applications, and cybersecurity controls.
• Comfortable working in changing audit scopes and emerging risk areas.
• Familiarity with recognised frameworks (e.g. ISO 27001, NIST, data protection and security standards).
• Professional certifications (CISA, CISSP, CISM, CRISC, privacy or cloud certifications) preferred.
• Strong analytical skills, professional judgment, and written communication.