Job Description
Location:
100% Remote (U.S.-based candidates only)
Duration:
May 2026 – August 2026 (Extension Possible)
Schedule:
Monday–Friday, 8:00 AM – 5:00 PM CST
Hours:
Up to ~560 hours
Overview
We are seeking an experienced
Cybersecurity Risk & Governance Consultant
to design and implement enterprise-level
risk management frameworks, governance workflows, and risk register structures
.
This role is ideal for someone with strong expertise in
risk frameworks, stakeholder engagement, and governance design
, who can build scalable, audit-ready processes and enable long-term sustainability through documentation and knowledge transfer.
Key Responsibilities
- Risk Framework & Governance Design
- Define end-to-end governance workflows for:
- Risk identification and intake
- Risk review and validation
- Risk acceptance, mitigation, or transfer
- Ongoing monitoring and reassessment
- Establish clear roles and responsibilities across risk owners, reviewers, and governance bodies
- Design escalation and reporting processes for high-risk and accepted risks
- Risk Register & Scoring Model
- Develop and standardize enterprise risk register structure, taxonomy, and data definitions
- Design risk scoring methodology, including likelihood and impact models
- Define prioritization logic aligned with organizational risk tolerance
- Stakeholder Engagement & Enablement
- Collaborate with cross-functional stakeholders across business, IT, security, and governance teams
- Facilitate workshops and working sessions to validate workflows and drive adoption
- Support onboarding of initial risks into the enterprise risk register
- Documentation & Knowledge Transfer
- Produce clear, audit-ready documentation covering:
- Risk register framework
- Scoring and prioritization models
- Governance workflows and decision authorities
- Deliver knowledge transfer to internal teams to ensure continuity beyond the engagement
- Key Deliverables
- Enterprise Risk Register Framework (template, taxonomy)
- Risk Scoring & Prioritization Model (likelihood/impact scales, scoring logic)
- Risk Governance Model (workflows, roles/responsibilities)
- Initial Population of Risk Register (current risk posture)
- Final Documentation Package (operating procedures and guidance)
- Required Qualifications
- 8+ years of experience inrisk management, governance, or GRC
- Strong experience with:
- Risk register design and frameworks
- Risk scoring and prioritization methodologies
- Governance workflows and operating models
- Stakeholder engagement and cross-functional facilitation
- Proven ability to create audit-ready documentation and deliver knowledge transfer
- Strong understanding of enterprise risk management practices (e.g., NIST-aligned frameworks)
- Preferred Qualifications
- Experience in large enterprise or public sector environments
- Familiarity with cybersecurity and technology risk domains
- Strong facilitation, communication, and organizational change skills
- Work Environment
- 100% remote within the United States
- Standard business hours with occasional off-hours support as needed
- No travel required unless pre-approved
Apply tot his job
Apply To this Job