Cybersecurity Risk & Governance Consultant (Remote | Contract)

Remote, USA
Posted Jun 15, 2026
Full-time

Location: 100% Remote (U.S.-based candidates only)
Duration: May 2026 – August 2026 (Extension Possible)
Schedule: Monday–Friday, 8:00 AM – 5:00 PM CST
Hours: Up to ~560 hours

Overview

We are seeking an experienced Cybersecurity Risk & Governance Consultant to design and implement enterprise-level risk management frameworks, governance workflows, and risk register structures.

This role is ideal for someone with strong expertise in risk frameworks, stakeholder engagement, and governance design, who can build scalable, audit-ready processes and enable long-term sustainability through documentation and knowledge transfer.

Key Responsibilities

Risk Framework & Governance Design
• Define end-to-end governance workflows for:
  • Risk identification and intake
  • Risk review and validation
  • Risk acceptance, mitigation, or transfer
  • Ongoing monitoring and reassessment
• Establish clear roles and responsibilities across risk owners, reviewers, and governance bodies
• Design escalation and reporting processes for high-risk and accepted risks

Risk Register & Scoring Model
• Develop and standardize enterprise risk register structure, taxonomy, and data definitions
• Design risk scoring methodology, including likelihood and impact models
• Define prioritization logic aligned with organizational risk tolerance

Stakeholder Engagement & Enablement
• Collaborate with cross-functional stakeholders across business, IT, security, and governance teams
• Facilitate workshops and working sessions to validate workflows and drive adoption
• Support onboarding of initial risks into the enterprise risk register

Documentation & Knowledge Transfer
• Produce clear, audit-ready documentation covering:
  • Risk register framework
  • Scoring and prioritization models
  • Governance workflows and decision authorities
• Deliver knowledge transfer to internal teams to ensure continuity beyond the engagement

Key Deliverables
• Enterprise Risk Register Framework (template, taxonomy)
• Risk Scoring & Prioritization Model (likelihood/impact scales, scoring logic)
• Risk Governance Model (workflows, roles/responsibilities)
• Initial Population of Risk Register (current risk posture)
• Final Documentation Package (operating procedures and guidance)

Required Qualifications
• 8+ years of experience in risk management, governance, or GRC
• Strong experience with:
  • Risk register design and frameworks
  • Risk scoring and prioritization methodologies
  • Governance workflows and operating models
  • Stakeholder engagement and cross-functional facilitation
• Proven ability to create audit-ready documentation and deliver knowledge transfer
• Strong understanding of enterprise risk management practices (e.g., NIST-aligned frameworks)

Preferred Qualifications
• Experience in large enterprise or public sector environments
• Familiarity with cybersecurity and technology risk domains
• Strong facilitation, communication, and organizational change skills

Work Environment
• 100% remote within the United States
• Standard business hours with occasional off-hours support as needed
• No travel required unless pre-approved
