Job ID: TX-70126089 (917490430)
Remote Governance/Compliance Risk Register/GRC Analyst (15+) with Risk Register Design/Framework, Risk Scoring/Prioritization Model experience
Location: Austin, TX (TEA)
Duration: 3 Months
Skills:
8 Required Experience with Risk Register Design and Framework
8 Required Experience with Risk Scoring and Prioritization Model
8 Required Experience with Governance Processes and Workflows
8 Required Experience with Stakeholder and Enablement
8 Required Demonstrated skill with documentation and knowledge transfer
Description:
• Define end to end governance workflows for:
o Risk identification and intake
o Risk review and validation
o Risk acceptance, mitigation, or transfer
o Ongoing monitoring and periodic reassessment
• Establish roles and responsibilities for risk owners, reviewers, and governance bodies.
• Design escalation and reporting processes for high risk and accepted risks.
• Engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows.
• Facilitate working sessions or workshops to socialize the risk register and governance processes.
• Support onboarding of initial risks into the enterprise risk register.
• Produce clear, audit ready documentation covering:
o Risk register structure and data definitions
o Risk scoring methodology
o Governance workflows and decision authorities
• Provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term.
The contractor shall provide the following deliverables during the engagement:
1. Enterprise Risk Register Framework
o Standardized risk register template and taxonomy
2. Risk Scoring and Prioritization Model
o Documented likelihood and impact scales
o Scoring methodology and prioritization logic
3. Risk Governance Model
o Defined workflows for risk intake, review, acceptance, and monitoring
o Roles and responsibilities matrix
4. Initial Population of Risk Register
o Initial set of documented risks reflecting current cybersecurity and technology risk posture
5. Final Documentation Package
o Consolidated guidance and operating procedures for ongoing risk management