RCSA Quality Control Lead

Quincy, MA, US • Posted 11 hours ago • Updated 44 minutes ago
Full Time
On-site
$55 - $70 per hour
Fitment

Dice Job Match Score™

🛠️ Calibrating flux capacitors...

Job Details

Skills

  • Test Methods
  • Performance Testing
  • Risk Management
  • Risk Assessment
  • Mapping
  • Scripting
  • PASS
  • ROOT
  • Root Cause Analysis
  • Stakeholder Engagement
  • Regulatory Compliance
  • IT Management
  • Management Reporting
  • Test Scripts
  • Quality Assurance
  • Internal Auditing
  • IT Risk
  • Banking
  • Financial Services
  • Quality Control
  • Identity Management
  • Change Request Management
  • Patch Management
  • Cloud Computing
  • Data Security
  • IT Operations
  • Disaster Recovery
  • Business Continuity Planning
  • Software Development
  • DevSecOps
  • Auditing
  • IT Risk Management
  • IT Audit
  • Operational Risk
  • Analytical Skill
  • Documentation
  • Articulate
  • Communication
  • Attention To Detail
  • Testing
  • Management
  • CISA
  • Cyber Security
  • ISACA
  • CISSP
  • Information Systems
  • CISM
  • Information Security
  • IT Governance
  • COBIT
  • ITIL
  • ISO/IEC 27001:2005
  • Cloud Security
  • Amazon Web Services
  • Microsoft Azure
  • Google Cloud Platform
  • Google Cloud
  • Cisco Certifications
  • IT Service Management
  • Innovation
  • Collaboration
  • Recruiting
  • Artificial Intelligence
  • Privacy
  • Insurance
  • Finance
  • Professional Development
  • Training
  • Leadership
  • CompTIA
  • Customer Service
  • Career Counseling
  • SAP BASIS
  • Law
  • ADA
  • Apex
  • Oracle Application Express

Summary

Job#: 3042248

Job Description:

Large Banking Client

Position: RCSA Quality Control Lead

Location: Remote

Duration: 6+ month contract; Strong potential for extension or full-time conversion

Overview

The Quality Control Lead will provide independent quality control and effective challenge over Risk Control Self Assessment, IT risk assessments, control design, and control testing performed by IT Subject Matter Expert teams. This role requires deep knowledge of the RCSA program, IT general controls, technology risk management, control testing methodology, and technology standards.

The successful candidate will review and challenge risk and control articulation, inherent and residual risk assessments, ratings and supporting rationales. This candidate will also perform effective challenge of control design and control performance testing, including adequacy of test scripts and testing overall conclusion supporting evidence. The role is expected to ensure that risk assessments and control testing are complete, accurate, evidence-based, and aligned with the enterprise risk management standards.

This position requires a senior professional with strong IT risk and control experience, excellent judgment, and the ability to challenge technology stakeholders in a constructive, fact-based manner.

Key Responsibilities

RCSA and Risk Assessment Quality Control
  • Perform quality control review of IT Risk Control Self Assessments, including risk statements, control mapping, inherent risk ratings, control effectiveness ratings, residual risk ratings, and supporting rationale.
  • Challenge whether risks are clearly defined, appropriately rated, and aligned to the relevant IT process, application, infrastructure, or service.
  • Assess whether controls are appropriately mapped to risks and whether they sufficiently mitigate the stated risk.
  • Review whether key controls are accurately identified and whether control gaps are appropriately documented.
  • Evaluate whether residual risk ratings are supported by control design, operating effectiveness, issue history, incident trends, audit findings, and other risk indicators.
  • Identify inconsistencies, unsupported conclusions, or understatements of risk within IT RCSA submissions.
  • Ensure RCSA documentation meets internal standards, governance expectations, and auditability requirements.


Control Testing Effective Challenge
  • Perform independent review and challenge of control testing executed by IT SME teams.
  • Assess whether control testing scripts are clear, risk-based, and aligned to the control objective.
  • Review population completeness, sampling methodology, test steps, evidence sufficiency, exception analysis, and final testing conclusions.
  • Determine whether testing evidence supports the stated pass/fail result and control effectiveness rating.
  • Challenge insufficient evidence, weak testing approaches, inappropriate sampling, incomplete populations, or unsupported conclusions.
  • Ensure that control testing evaluates both control design effectiveness and operating effectiveness.
  • Review testing over manual controls, automated controls, and IT-dependent manual controls.
  • Validate whether exceptions are appropriately assessed for severity, root cause, risk impact, and potential issue escalation.
  • Assess whether compensating controls are appropriately designed, evidenced, and operating effectively.


Issue Identification and Remediation Challenge
  • Review control testing exceptions and determine whether they should result in formal issues, action plans, or risk acceptances.
  • Challenge issue severity ratings, root cause analysis, remediation plans, target dates, and ownership.
  • Evaluate whether remediation plans address the underlying control weakness rather than only the observed symptom.
  • Review evidence supporting issue closure and control remediation validation.
  • Identify repeat findings, systemic control weaknesses, and themes across IT domains.


Stakeholder Engagement and Governance
  • Partner with IT SME teams, risk owners, control owners, second line risk teams, audit, compliance, and technology leadership.
  • Communicate effective challenge clearly, professionally, and with supporting evidence.
  • Facilitate resolution of challenge points and escalate unresolved matters through appropriate governance channels.
  • Prepare clear documentation of QC results, challenge outcomes, themes, and recommendations.
  • Support management reporting on IT control health, testing quality, RCSA quality, and recurring control deficiencies.
  • Promote consistency and discipline across IT risk and control assessment activities.


Required Experience
  • 10+ years of experience in IT risk management, technology audit, IT controls, operational risk, cybersecurity risk, regulatory control testing, or related disciplines.
  • Significant hands-on experience with Risk Control Self Assessment programs in a financial services, regulated, or large enterprise environment.
  • Deep experience reviewing and challenging IT control testing performed by technology, risk, audit, or control teams.
  • Strong understanding of IT general controls, cybersecurity controls, technology operations, infrastructure controls, application controls, and third-party technology risk.
  • Proven experience assessing control design effectiveness and control operating effectiveness.
  • Experience evaluating testing evidence, population completeness, sampling approaches, test scripts, exception handling, and control conclusions.
  • Prior experience performing independent quality control, quality assurance, second line challenge, internal audit review, or regulatory readiness review.
  • Experience interacting with senior IT stakeholders and challenging risk/control conclusions in a professional and evidence-based manner.
  • Strong knowledge of technology risk frameworks and control standards such as COBIT, NIST, ISO 27001, ITIL, COSO, or similar frameworks.
  • Experience in banking, insurance, financial services, fintech, or another highly regulated environment is strongly preferred.


Required IT Domain Knowledge

The QC Lead must be well versed in the following IT domains:

Identity and Access Management

IT Change Management

Cybersecurity Risk and Controls

Vulnerability and Patch Management

Infrastructure and Platform Controls

Application Controls

Cloud Technology Risk

Data Protection and Privacy Controls

IT Operations

Disaster Recovery and Business Continuity

Third-Party and Technology Vendor Risk

Software Development Life Cycle and DevSecOps

Logging, Monitoring, and Audit Trail Controls

Must-Have Requirements:
  • 10+ years of experience in IT risk management, technology audit, IT controls, operational risk, cybersecurity risk, regulatory control testing, or related disciplines.
  • Strong ability to perform independent and evidence-based effective challenge.
  • Excellent understanding of risk and control concepts, including inherent risk, residual risk, key controls, control design, operating effectiveness, issues, and remediation.
  • Strong analytical skills with the ability to identify unsupported conclusions, control gaps, and inconsistent risk ratings.
  • Excellent documentation skills, including the ability to clearly articulate challenge points and risk rationale.
  • Strong communication skills with the ability to engage both technical and non-technical stakeholders.
  • Ability to translate technical IT control issues into business risk language.
  • Strong judgment in assessing control exceptions, issue severity, and residual risk impact.
  • Ability to work across multiple IT domains and challenge highly technical SMEs.
  • Strong attention to detail and ability to review complex testing workpapers.
  • Ability to manage competing priorities and deliver high-quality reviews within required timelines.


Preferred Certifications: (nice to haves)
  • CIA - Certified Internal Auditor
  • CISA - Certified Information Systems Auditor
  • IT, cybersecurity, risk, or technology control certifications, such as:
    • CRISC - Certified in Risk and Information Systems Control
    • CISSP - Certified Information Systems Security Professional
    • CISM - Certified Information Security Manager
    • CGEIT - Certified in the Governance of Enterprise IT
    • COBIT certification
    • ITIL certification
    • ISO 27001 Lead Auditor or Lead Implementer
  • Cloud security or architecture certification, such as AWS, Azure, Google Cloud, or CCSP


Apex Benefits Overview

Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a retirement plan (401k or local country equivalent) program. Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Apex has a dedicated customer service team for our consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Apex team member can provide.

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or .

Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. When you join Everforth Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRateds Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico.

Everforth Apex uses a virtual recruiter as part of the application process. Click for more details. By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Everforth Apex and its affiliates, and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy at

Everforth Apex Benefits Overview: Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Everforth Apex team member can provide.

Everforth Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Everforth Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law.

If you require an accommodation under the Americans with Disabilities Act to participate in an interview with a virtual recruiter or to use our website for a search or application, please contact our Benefits Department at or . Please note that this contact information is strictly to be used for medical ADA accommodations and that no other inquiries will be answered.

UnitedHealthcare creates and publishes the Transparency in Coverage Machine-Readable Files on behalf of Everforth Apex Systems.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: apexsan
  • Position Id: BHJOB2374_3042248
  • Posted 11 hours ago
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Boston, Massachusetts

Today

Easy Apply

Full-time

$73 - $75 per hour

Canton, Massachusetts

Today

Full-time

USD 162,000.00 - 195,000.00 per year

Hybrid in Boston, Massachusetts

Yesterday

Easy Apply

Contract

25 - 60

Johnston, Rhode Island

Today

Full-time

USD 138,000.00 - 200,000.00 per year

Search all similar jobs