Cybersecurity Risk & Governance Consultant (Remote | Contract)

Location: 100% Remote (U.S.-based candidates only) Duration: May 2026 – August 2026 (Extension Possible) Schedule: Monday–Friday, 8:00 AM – 5:00 PM CST Hours: Up to ~560 hours

Overview

We are seeking an experienced Cybersecurity Risk & Governance Consultant to design and implement enterprise-level risk management frameworks, governance workflows, and risk register structures . This role is ideal for someone with strong expertise in risk frameworks, stakeholder engagement, and governance design , who can build scalable, audit-ready processes and enable long-term sustainability through documentation and knowledge transfer.

Key Responsibilities

Risk Framework & Governance Design

• Define end-to-end governance workflows for:
• Risk identification and intake
• Risk review and validation
• Risk acceptance, mitigation, or transfer
• Ongoing monitoring and reassessment
• Establish clear roles and responsibilities across risk owners, reviewers, and governance bodies
• Design escalation and reporting processes for high-risk and accepted risks

Risk Register & Scoring Model

• Develop and standardize enterprise risk register structure, taxonomy, and data definitions
• Design risk scoring methodology, including likelihood and impact models
• Define prioritization logic aligned with organizational risk tolerance

Stakeholder Engagement & Enablement

• Collaborate with cross-functional stakeholders across business, IT, security, and governance teams
• Facilitate workshops and working sessions to validate workflows and drive adoption
• Support onboarding of initial risks into the enterprise risk register

Documentation & Knowledge Transfer

• Produce clear, audit-ready documentation covering:
• Risk register framework
• Scoring and prioritization models
• Governance workflows and decision authorities
• Deliver knowledge transfer to internal teams to ensure continuity beyond the engagement

Key Deliverables

• Enterprise Risk Register Framework (template, taxonomy)
• Risk Scoring & Prioritization Model (likelihood/impact scales, scoring logic)
• Risk Governance Model (workflows, roles/responsibilities)
• Initial Population of Risk Register (current risk posture)
• Final Documentation Package (operating procedures and guidance)

Required Qualifications

• 8+ years

of experience in risk management, governance, or GRC

• Strong experience with:
• Risk register design and frameworks
• Risk scoring and prioritization methodologies
• Governance workflows and operating models
• Stakeholder engagement and cross-functional facilitation
• Proven ability to create

audit-ready documentation and deliver knowledge transfer

• Strong understanding of enterprise risk management practices (e.g., NIST-aligned frameworks)

Preferred Qualifications

• Experience in large enterprise or public sector environments
• Familiarity with cybersecurity and technology risk domains
• Strong facilitation, communication, and organizational change skills

Work Environment

• 100% remote within the United States
• Standard business hours with occasional off-hours support as needed
• No travel required unless pre-approved

Apply tot his job Apply To this Job