job summary:
Summary of the Role
Typical Day-to-Day Responsibilities: As outlined below.
Meeting Cadence: Approximately 25% of the day will be spent in meetings.
Interaction: Primary collaboration is with internal partners.
Data Access: The contractor will not have access to customer data.
Role Summary
The Technology & Cyber Issues Reporting and Insights Lead is responsible for developing and delivering executive-level reporting and insights for cybersecurity and technology issues management, including control gaps, audit findings, regulatory matters requiring attention, risk acceptances/exceptions (as applicable), and corrective action plan progress.
This role synthesizes inputs from the Three Lines of Defense (3LoD) to create a consistent, defensible view of technology and cyber issue health: severity, aging, trends, root causes, themes/patterns, and risk impact. This includes deep analysis of systemic issues and recurring control gaps and presenting these insights to senior leadership and risk committees.
Note: This role does not own issue remediation execution. It owns the portfolio intelligence, reporting integrity, and governance-facing narrative.
Key Responsibilities
Issues Portfolio Reporting & Governance Packs
Recurring Reporting: Produce management reporting for Technology Risk Committees, Cyber Governance forums, operational risk committees, and senior leadership/board-level reporting.
Portfolio Views: Create standardized views of issue aging (by severity, domain, owner), SLA breaches, overdue CAPs, open vs. closed trends, issue reopen rates, and thematic/systemic control gaps.
3LoD Alignment & Reporting Integrity
Normalize Reporting: Integrate data across 1LoD (remediation teams), 2LoD (GRC oversight), and 3LoD (internal audit).
Unified Language: Ensure consistent severity tiers, materiality thresholds, and taxonomy alignment (risk/control/requirement).
Defensible Classification: Distinguish between issues, control gaps, and improvement items.
Control Gap & Issues Trend Analysis
Pattern Identification: Spot recurring failures in control objectives, systemic breakdowns in process or tooling, concentration risks, and persistent audit repeats.
Thematic Analysis: Review domains (IAM, VM, SOC, Cloud, AppSec, Data Protection), technology types (SaaS, endpoints), and control families.
Forward-Looking Signals: Develop insights regarding "what's driving this" and risk signals.
Executive Narratives & Committee Readouts
Data Translation: Turn data into clear storylines, drivers/root causes, and "why this matters" narratives.
Briefs: Develop talking points for the CISO / CIO / CRO.
Challenge Narratives: Challenge owners' narratives when they are unsupported or inconsistent with data.
Issues Data Quality, Evidence & Defensibility
Evidence Trails: Own reconciliation between systems-of-record and reports, data quality checks, and audit-ready documentation.
Standard Definitions: Maintain rules for aging calculations, breach logic, and closure evidence.
Continuous Improvement & Automation Enablement
Optimization: Improve visuals/templates and automate reporting feeds (e.g., Archer, ServiceNow IRM/GRC).
Dashboards: Define requirements for analytics (not responsible for building ETL pipelines).
Core Skills & Competencies
Excellent risk writing and executive storytelling.
Strong judgment: materiality, severity, and escalation triggers.
Deep attention to accuracy and consistency.
Ability to influence and challenge across 3LoD.
Strong process governance and delivery rigor.
Key Deliverables & Success Measures
Deliverables: Monthly/quarterly Portfolio Packs, Executive dashboards, thematic control gap analysis, and committee briefing notes.
Success: Improved transparency, reduced reporting disputes, earlier detection of control gaps, and increased leadership confidence.
Candidate Requirements
Must-Have Hard Skills
Experience: 8+ years in cyber/technology risk, issues management, audit reporting, or cyber GRC.
Reporting Packs: Demonstrated experience building leadership packs for issue health, audit/regulatory outcomes, and remediation tracking.
Domain Knowledge: Strong understanding of the issues management lifecycle (identify → close), CAP governance, and severity rating frameworks.
Soft Skills
Exceptional written communication and storytelling (executive-ready narratives).
Strong executive presence with the ability to challenge senior stakeholders.
Strong attention to detail.
Nice-To-Have
Model: Experience in 3LoD within highly regulated environments (Financial Services preferred).
Frameworks: Familiarity with NIST 800-53, NIST CSF, ISO 27001, or COBIT.
Tools: Archer, ServiceNow IRM, MetricStream, Jira, and Power BI/Tableau.
Certs: CRISC, CISA, CISSP, or CISM.
location: Mount Laurel, New Jersey
job type: Contract
salary: $80 - 83 per hour
work hours: 8am to 5pm
education: Bachelor's
qualifications:
MUST-HAVE Hard Skills:
1.) 8+ years of experience in cyber/technology risk, issues management, audit reporting, cyber GRC, or enterprise operational risk.
2.) Demonstrated experience building leadership reporting packs for:
issue health
audit/regulatory outcomes
control performance and remediation execution tracking
3.) Strong understanding of:
issues management lifecycle (identify → validate → remediate → verify/close)
CAP governance
issue severity rating frameworks
risk/control relationships and materiality
SOFT SKILLS:
1.) Exceptional written communication and storytelling skills (ability to produce executive-ready narratives).
2.) Strong executive presence with the ability to challenge and influence senior stakeholders.
3.) Strong attention to detail.
NICE-TO-HAVE
1.) Experience working in a 3LoD operating model in a highly regulated environment (financial services/insurance/healthcare).
2.) Familiarity with control frameworks:
NIST 800-53 / NIST CSF
ISO 27001
COBIT
3.) Tooling exposure:
Archer / ServiceNow IRM / MetricStream
Jira for engineering remediation tracking
Power BI/Tableau (consumption and report formatting)
4.) Certifications (nice-to-have):
CRISC, CISA, CISSP, CISM
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact HRsupport@randstadusa.com.
Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).
This posting is open for thirty (30) days.