GRC Risk Register Lead
About The Position
The GRC Risk Register Lead will define end-to-end governance workflows for risk identification and intake, risk review and validation, risk acceptance, mitigation, or transfer, and ongoing monitoring and periodic reassessment. This role involves establishing roles and responsibilities for risk owners, reviewers, and governance bodies, and designing escalation and reporting processes for high-risk and accepted risks. The lead will engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows, and facilitate working sessions or workshops to socialize the risk register and governance processes. Support for onboarding initial risks into the enterprise risk register is also required. The position entails producing clear, audit-ready documentation covering risk register structure and data definitions, risk scoring methodology, and governance workflows and decision authorities. Finally, the lead will provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term. Deliverables include an Enterprise Risk Register Framework, a Risk Scoring and Prioritization Model, a Risk Governance Model, Initial Population of Risk Register, and a Final Documentation Package.
Requirements
- Experience with Risk Register Design and Framework
- Experience with Risk Scoring and Prioritization Model
- Experience with Governance Processes and Workflows
- Experience with Stakeholder and Enablement
- Demonstrated skill with documentation and knowledge transfer
Responsibilities
- Define end to end governance workflows for: Risk identification and intake, Risk review and validation, Risk acceptance, mitigation, or transfer, Ongoing monitoring and periodic reassessment
- Establish roles and responsibilities for risk owners, reviewers, and governance bodies.
- Design escalation and reporting processes for high risk and accepted risks.
- Engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows.
- Facilitate working sessions or workshops to socialize the risk register and governance processes.
- Support onboarding of initial risks into the enterprise risk register.
- Produce clear, audit ready documentation covering: Risk register structure and data definitions, Risk scoring methodology, Governance workflows and decision authorities
- Provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term.
- Provide the Enterprise Risk Register Framework, including a standardized risk register template and taxonomy.
- Provide the Risk Scoring and Prioritization Model, including documented likelihood and impact scales, scoring methodology and prioritization logic.
- Provide the Risk Governance Model, including defined workflows for risk intake, review, acceptance, and monitoring, and a roles and responsibilities matrix.
- Provide the Initial Population of Risk Register, including an initial set of documented risks reflecting current cybersecurity and technology risk posture.
- Provide the Final Documentation Package, including consolidated guidance and operating procedures for ongoing risk management.
Benefits
- competitive compensation
- opportunities for professional growth
- supportive team culture
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Career Level
Senior
Education Level
No Education Listed
Number of Employees
1-10 employees
