Job Description

Remote – United States

I. DESCRIPTION OF SERVICES

• Define end to end governance workflows for:

o Risk identification and intake

o Risk review and validation

o Risk acceptance, mitigation, or transfer

o Ongoing monitoring and periodic reassessment

• Establish roles and responsibilities for risk owners, reviewers, and governance bodies.

• Design escalation and reporting processes for high risk and accepted risks.

• Engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows.

• Facilitate working sessions or workshops to socialize the risk register and governance processes.

• Support onboarding of initial risks into the enterprise risk register.

• Produce clear, audit ready documentation covering:

o Risk register structure and data definitions

o Risk scoring methodology

o Governance workflows and decision authorities

• Provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term.

The contractor shall provide the following deliverables during the engagement:

1 Enterprise Risk Register Framework

o Standardized risk register template and taxonomy

2 Risk Scoring and Prioritization Model

o Documented likelihood and impact scales

o Scoring methodology and prioritization logic

3 Risk Governance Model

o Defined workflows for risk intake, review, acceptance, and monitoring

o Roles and responsibilities matrix

4 Initial Population of Risk Register

o Initial set of documented risks reflecting current cybersecurity and technology risk posture

5 Final Documentation Package

o Consolidated guidance and operating procedures for ongoing risk management

II. CANDIDATE SKILLS AND QUALIFICATIONS

Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

Years

Required/Preferred

Experience

8

Required

Experience with Risk Register Design and Framework

8

Required

Experience with Risk Scoring and Prioritization Model

8

Required

Experience with Governance Processes and Workflows

8

Required

Experience with Stakeholder and Enablement

8

Required

Demonstrated skill with documentation and knowledge transfer

Note Expected Start Date 05/26/2026 and Expected End Date 08/31/2026 May be renewed up to 3 years.

Normal business hours are Monday through Friday from 8:00 AM to 5:00 PM, excluding State holidays when the agency is closed. The worker may be required to work outside the normal business hours on weekends, evenings and holidays, as requested.