job summary:
Role Overview
As part of Client's GRC Modernization Program, we are seeking experienced Control Design & Modernization Specialists to help transform and standardize the control environment across Enterprise Security & Fraud (ES&F). This role is focused on designing the future-state control framework. Successful candidates will review existing policies, standards, risk assessments, audit observations, regulatory requirements, and current controls to identify opportunities for simplification, standardization, automation, and Continuous Controls Monitoring (CCM). Working closely with control owners, risk partners, and subject matter experts, you will design actionable, measurable, and scalable controls that support Client's evolving risk, regulatory, and business needs.
Key Responsibilities
Control Assessment & Discovery
Review policies, standards, procedures, risk assessments, audit findings, regulatory requirements, and existing control inventories.
Assess current-state controls to identify gaps, overlaps, redundancies, and opportunities for improvement.
Evaluate existing control frameworks against industry best practices and regulatory expectations.
Future-State Control Design
Design and document future-state controls that are risk-based, measurable, testable, and scalable.
Develop clear control objectives, control activities, ownership models, evidence requirements, and implementation guidance.
Rationalize and standardize controls across multiple ES&F functions to improve consistency and effectiveness.
Design controls with automation and Continuous Controls Monitoring (CCM) capabilities in mind.
Stakeholder Engagement
Facilitate workshops and working sessions with security, technology, risk, compliance, audit, and business stakeholders.
Challenge legacy approaches and drive alignment on future-state control designs.
Build consensus across diverse stakeholder groups and ensure control designs meet business and regulatory expectations.
GRC Modernization Support
Contribute to the development of enterprise control libraries, control standards, taxonomies, and framework mappings.
Support broader GRC modernization initiatives focused on improving control effectiveness, reducing complexity, and enabling scalable assurance.
Identify opportunities to leverage automation, analytics, AI, and modern GRC practices to enhance control maturity.
location: Malvern, Pennsylvania
job type: Contract
salary: $59.18 - 64.18 per hour
work hours: 8am to 5pm
education: Bachelors
responsibilities:
Role Overview
- As part of Client's GRC Modernization Program, we are seeking experienced Control Design & Modernization Specialists to help transform and standardize the control environment across Enterprise Security & Fraud (ES&F). This role is focused on designing the future-state control framework. Successful candidates will review existing policies, standards, risk assessments, audit observations, regulatory requirements, and current controls to identify opportunities for simplification, standardization, automation, and Continuous Controls Monitoring (CCM). Working closely with control owners, risk partners, and subject matter experts, you will design actionable, measurable, and scalable controls that support Client's evolving risk, regulatory, and business needs.
Key Responsibilities
Control Assessment & Discovery
- Review policies, standards, procedures, risk assessments, audit findings, regulatory requirements, and existing control inventories.
- Assess current-state controls to identify gaps, overlaps, redundancies, and opportunities for improvement.
- Evaluate existing control frameworks against industry best practices and regulatory expectations.
Future-State Control Design
- Design and document future-state controls that are risk-based, measurable, testable, and scalable.
- Develop clear control objectives, control activities, ownership models, evidence requirements, and implementation guidance.
- Rationalize and standardize controls across multiple ES&F functions to improve consistency and effectiveness.
- Design controls with automation and Continuous Controls Monitoring (CCM) capabilities in mind.
Stakeholder Engagement
- Facilitate workshops and working sessions with security, technology, risk, compliance, audit, and business stakeholders.
- Challenge legacy approaches and drive alignment on future-state control designs.
- Build consensus across diverse stakeholder groups and ensure control designs meet business and regulatory expectations.
GRC Modernization Support
- Contribute to the development of enterprise control libraries, control standards, taxonomies, and framework mappings.
- Support broader GRC modernization initiatives focused on improving control effectiveness, reducing complexity, and enabling scalable assurance.
- Identify opportunities to leverage automation, analytics, AI, and modern GRC practices to enhance control maturity.
qualifications:
Qualifications
Required Qualifications
8+ years of experience in cybersecurity, risk management, governance, compliance, controls design, internal audit, or related disciplines.
Proven experience designing, enhancing, or transforming controls within financial services or other highly regulated industries.
Robust experience translating policies, standards, risks, audit findings, and regulatory requirements into effective control designs.
Deep understanding of control lifecycle management, including control design, implementation, testing, monitoring, remediation, and continuous improvement.
Demonstrated ability to lead workshops and influence senior stakeholders.
Robust analytical, documentation, and problem-solving skills.
Excellent written and verbal communication skills.
Preferred Qualifications
Experience supporting large-scale GRC modernization, control transformation, or cybersecurity governance initiatives.
Experience designing controls for Continuous Controls Monitoring (CCM) and automated assurance capabilities.
Knowledge of AI Governance, AI Risk Management, and emerging AI-related regulatory requirements.
Experience developing control libraries, taxonomies, framework mappings, and enterprise control standards.
Robust knowledge of:
NIST Cybersecurity Framework (CSF)
NIST 800-53
ISO 27002
CIS Controls
COBIT
Consulting, risk advisory, internal audit, or Big Four experience robustly preferred.
Professional certifications such as CISSP, CISM, CISA, CRISC, CIA, or CPA preferred.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact
Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).
This posting is open for thirty (30) days.
Any consideration of a background check would be an individualized assessment based on the applicant or employee's specific record and the duties and requirements of the specific job.
![]()