Senior Risk Management Specialist

About The Position

Requirements

• Bachelor's Degree from an accredited college or university in a related discipline
• 8+ years in risk management or related field, with experience in designing and implementing ERM frameworks
• Expert understanding of risk management methodologies and frameworks (such as COSO, NIST, and/or ISO)
• Proficient with ERM software and data analysis tools
• Must be able to obtain a Position of Public Trust Clearance (includes fingerprinting, background check, and drug screening)
• Familiarity or direct experience with GRC/Cybersecurity solutions, tools, and technologies
• Strong facilitation, analytic, and problem-solving skills
• Ability to work collaboratively and iterate products with a variety of internal and external stakeholders
• Ability to work with a team of professionals in a remote environment on expedited timelines
• Ability to be comfortable working in ambiguous situations and with unclear direction.

Nice To Haves

• Knowledge of federal law enforcement regulations or regulatory agencies
• CIPP, CRCM, CRM, ARM, CISSP, and/or CISM certifications
• Agile, Scrum, and/or Lean Six Sigma training

Responsibilities

• Lead enterprise-wide risk assessment to identify regulatory, operational, and reputational risks, and vulnerabilities, including evaluation of existing risk management framework, tools, and processes.
• Design and implement a robust ERM framework that aligns with strategic goals and regulatory requirements.
• Establish ERM architecture, including risk taxonomy, appetite statements, and monitoring tools.
• Create roadmap to mature or advance risk compliance.
• Support implementation of GRC platforms and modernized controls.
• Develop and implement strategies to mitigate identified risks and ensure business continuity.
• Map new or modified controls directly to identified risks and develop mitigation protocols.
• Develop and monitor KRIs, thresholds, and early warning indicators for real-time compliance tracking to report on the agency's overall risk posture.
• Utilize data analysis and quantitative modeling to evaluate risk exposure and stress test scenarios.
• Translate complex risk data into clear and actionable insights for non-technical stakeholders and senior leadership.
• Facilitate workshops and/or deliver briefs to senior leadership regarding likelihood and impact of potential risks.
• Conduct targeted compliance reviews and assist in remediation planning.
• Execute root cause analyses on incidents and recommend policy/process/control changes.
• Gather and evaluate real-time process data and performance metrics during pilot and rollout phases.