Senior IT Risk & Control Analyst (QA/Challenge Function)
This role supports the execution of independent Quality Assurance (QA) and remediation reviews for audit and regulatory findings. You will partner with technology teams, operational risk management (ORM), and compliance stakeholders to ensure strong control hygiene and timely risk reduction.

Job Specific Accountabilities

QA & Challenge: Conduct quality assurance reviews and challenge remediation action plans for internal audit and regulatory findings.
Remediation Assessment: Evaluate whether action plans sufficiently address root causes, risk drivers, and control design gaps.
Evidence Validation: Assess remediation evidence for accuracy, completeness, and sustainability against established QA rubrics and control standards.
Gap Identification: Identify weaknesses or misalignment with policy, standards, and regulatory expectations.
Documentation: Maintain clear, defensible records of review results, conclusions, and rationale.
Risk Escalation: Assess residual risk and escalate concerns where remediation effectiveness is found insufficient.
Control Evaluation: Review controls across Access Management, Change Management, Vulnerability Management, Data Protection, Logging/Monitoring, and Third-Party Risk.
Stakeholder Engagement: Interact with technology owners to clarify remediation approaches; collaborate with Audit and 2nd/3rd Lines of Defense (LOD).
Innovation: Contribute to continuous improvement using Agile/Lean methods and explore leading-edge solutions (AI, ML, Power BI, Python).

Candidate Requirements

Experience & Education

Years of Experience: 3-5 years in info security, tech risk, or audit.
Education: University degree or relevant equivalent experience.
Certifications: CRISC, CISM, CISA, or CISSP (considered an asset/highly preferred).

Hard Skills (Must-Haves)

Audit Background: Expert knowledge of IT Audit and Control methodology.
Governance Frameworks: Knowledge of COBIT 5, NIST, ISO 27001, and CIS.
Agile Methodology: Experience in Scrum, Kanban, or Extreme Programming within a Challenge function.
Tools: Jira (required), MS Suite (PowerPoint, Teams, Excel), Confluence, and SharePoint.
Write-up Ability: Exceptional business writing for meticulous documentation and rationales.

Technical Competencies

Control Design: Experience reviewing control implementation and operating effectiveness.
Data Analytics: Understanding of data collection and analysis to resolve data issues.
Reporting: Experience with KPIs and KRIs (Key Performance/Risk Indicators) and Technology Risk analytics.
GRC Tools: Exposure to platforms like Archer or ServiceNow.

Summary of Daily Work

Typical Day: Forward-facing role managing communications, tracking review progress, and conducting quality checks.
Meeting Cadence: 10-15 hours per week.
Interactions: High visibility with both internal and external stakeholders across all levels (Technical to Executive Management).
Culture: A collaborative, supportive, and diverse team of 6 people covering various background segments.

location: Mount Laurel, New Jersey
job type: Contract
salary: $40 - 42 per hour
work hours: 8am to 5pm
education: Bachelors
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status. At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact [email protected].
Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility). This posting is open for thirty (30) days.