Information Security Manager 3, Enterprise Risk Register Framework , risk register structure and data definitions, Risk scoring methodology-15 yrs

Information Security Manager 3, Enterprise Risk Register Framework , risk register structure and data definitions, Risk scoring methodology-15 yrs USCITIZENS ARE WELCOME-H1B with over 15 yrs are welcome Location: Austin TX LOCALS ONLY THOUGH OUT OF TOWN CANDIDATES ARE WELCOME WHO ARE WILLING TO RELOCATE ON THEIR OWNDuration: 1 yr ongoing roleRequirements:• Define end to end governance workflows for:o Risk identification and intakeo Risk review and validationo Risk acceptance, mitigation, or transfero Ongoing monitoring and periodic reassessment• Establish roles and responsibilities for risk owners, reviewers, and governance bodies.• Design escalation and reporting processes for high risk and accepted risks.• Engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows.• Facilitate working sessions or workshops to socialize the risk register and governance processes.• Support onboarding of initial risks into the enterprise risk register.• Produce clear, audit ready documentation covering:o Risk register structure and data definitionso Risk scoring methodologyo Governance workflows and decision authorities• Provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term.
The contractor shall provide the following deliverables during the engagement:1. Enterprise Risk Register Frameworko Standardized risk register template and taxonomy2. Risk Scoring and Prioritization Model3. Risk Governance Modelo Defined workflows for risk intake, review, acceptance, and monitoringo Roles and responsibilities matrix4. Initial Population of Risk Registero Initial set of documented risks reflecting current cybersecurity and technology risk posture5. Final Documentation Packageo Consolidated guidance and operating procedures for ongoing risk management