Governance Risk and Compliance Risk Register Analyst

Posted Today by Unique System Skills LLC

Negotiable
Undetermined
Remote

Summary: This role focuses on establishing and operationalizing governance and compliance workflows specifically for cybersecurity and technology risk management. The contractor will be responsible for designing an audit-ready enterprise risk register framework and implementing processes for risk management across various stakeholders. Key deliverables include a risk scoring model, governance workflows, and comprehensive documentation to ensure sustainability beyond the contract term.

Key Responsibilities:

  • Define end-to-end governance workflows for risk identification/intake, review/validation, acceptance/mitigation/transfer, and ongoing monitoring/reassessment.
  • Establish roles and responsibilities for risk owners, reviewers, and governance bodies.
  • Design escalation and reporting processes for high-risk items and accepted risks.
  • Facilitate stakeholder working sessions/workshops across business, technology, security, and governance to validate requirements and socialize processes.
  • Support onboarding and initial population of risks into the enterprise risk register.
  • Produce clear, audit-ready documentation, including risk register structure/data definitions, scoring methodology, and governance workflows/decision authorities.
  • Provide knowledge transfer to designated security staff to support sustainability beyond the contract term.

Key Skills:

  • Experience with Risk Register Design and Framework
  • Experience with Risk Scoring and Prioritization Model
  • Experience with Governance Processes and Workflows
  • Experience with Stakeholder and Enablement
  • Demonstrated skill with documentation and knowledge transfer

Salary (Rate): £56.00 hourly

City: undetermined

Country: undetermined

Working Arrangements: remote

IR35 Status: undetermined

Seniority Level: undetermined

Industry: Other

Detailed Description From Employer:

JOB DESCRIPTION/MINIMUM REQUIREMENTS:
ROLE SUMMARY:
This role will establish and operationalize enterprise governance and compliance workflows for cybersecurity and technology risk management. The contractor will design and document an audit-ready enterprise risk register framework, define risk scoring and prioritization methods, and implement governance processes to intake, validate, accept/mitigate/transfer, and monitor risks across stakeholders.

KEY RESPONSIBILITIES / DELIVERABLES:
  • Define end-to-end governance workflows for risk identification/intake, review/validation, acceptance/mitigation/transfer, and ongoing monitoring/reassessment.
  • Establish roles and responsibilities for risk owners, reviewers, and governance bodies.
  • Design escalation and reporting processes for high-risk items and accepted risks.
  • Facilitate stakeholder working sessions/workshops across business, technology, security, and governance to validate requirements and socialize processes.
  • Support onboarding and initial population of risks into the enterprise risk register.
  • Produce clear, audit-ready documentation, including risk register structure/data definitions, scoring methodology, and governance workflows/decision authorities.
  • Provide knowledge transfer to designated security staff to support sustainability beyond the contract term.

Planned deliverables include:

  1. Enterprise Risk Register Framework (standardized template and taxonomy)
  2. Risk Scoring and Prioritization Model (likelihood/impact scales; scoring and prioritization logic)
  3. Risk Governance Model (workflows for intake, review, acceptance, monitoring; roles/responsibilities matrix)
  4. Initial Population of Risk Register (documented risks reflecting current cybersecurity and technology risk posture)
  5. Final Documentation Package (consolidated guidance and operating procedures for ongoing risk management)

MINIMUM REQUIREMENTS (Candidates must meet/exceed):

| Years | Required/Preferred | Skills/Experience |
|-------|--------------------|-------------------|
| 8 | Required | Experience with Risk Register Design and Framework |
| 8 | Required | Experience with Risk Scoring and Prioritization Model |
| 8 | Required | Experience with Governance Processes and Workflows |
| 8 | Required | Experience with Stakeholder and Enablement |
| 8 | Required | Demonstrated skill with documentation and knowledge transfer |