Information Security Manager 3 (70126089)

Job description

Remote – United States I. DESCRIPTION OF SERVICES: o Risk identification and intake o Risk review and validation o Risk acceptance, mitigation, or transfer o Ongoing monitoring and periodic reassessment o Risk register structure and data definitions o Risk scoring methodology o Governance workflows and decision authorities - Define end to end governance workflows for: - Establish roles and responsibilities for risk owners, reviewers, and governance bodies. - Design escalation and reporting processes for high risk and accepted risks. - Engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows. - Facilitate working sessions or workshops to socialize the risk register and governance processes. - Support onboarding of initial risks into the enterprise risk register. Produce clear, audit ready documentation covering: - Provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term. The contractor shall provide the following deliverables during the engagement: 1 . Enterprise Risk Register Framework o Standardized risk register template and taxonomy 2 . Risk Scoring and Pri...