GRC Architect

This is a remote position.

Key Responsibilities

Framework & Governance Design

• Workflow Engineering: Define end-to-end governance workflows for risk identification, intake, validation, and mitigation.
  

• Governance Structures: Establish clear roles and responsibilities (RACI) for risk owners, reviewers, and oversight bodies.
  

• Escalation Logic: Design formal reporting and escalation processes for high-priority and accepted risks.
  

Stakeholder Engagement & Enablement

• Cross-Functional Collaboration: Partner with Business, Technology, Security, and Audit functions to validate risk requirements.
  

• Facilitation: Lead workshops to socialize the risk register and train stakeholders on new governance processes.
  

• Onboarding: Support the initial migration and population of critical risks into the enterprise register.
  

Documentation & Sustainability

• Audit Readiness: Produce high-quality documentation covering data definitions, scoring logic, and decision authorities.
  

• Knowledge Transfer: Conduct formal training and handovers to internal security staff to ensure long-term framework sustainability.
  

Professional Deliverables

1. Enterprise Risk Register Framework: A standardized template and taxonomy.
   

2. Risk Scoring & Prioritization Model: Documented likelihood/impact scales and prioritization logic.
   

3. Operational Governance Model: Defined intake workflows and a roles/responsibilities matrix.
   

4. Initial Risk Population: A baseline register reflecting current cybersecurity and tech risk posture.
   

5. Final Operating Procedures: Consolidated guidance for ongoing, business-as-usual risk management.
   

Candidate Qualifications

Minimum Requirements:

• 8+ Years of direct experience in Risk Register Design and Framework development.
  

• 8+ Years of experience creating Risk Scoring and Prioritization Models .
  

• 8+ Years of experience defining Governance Processes and Workflows .
  

• 8+ Years of experience in Stakeholder Management and Enablement .
  

• 8+ Years of demonstrated expertise in technical writing, audit-ready documentation , and knowledge transfer.
  

Preferred Skills:

• Professional certifications such as CRISC, CISM, CISSP, or CGEIT .
  

• Deep understanding of industry frameworks (e.g., NIST 800-30, ISO 31000, COBIT).
  

• Experience with GRC tool implementation (e.g., ServiceNow, Archer, OneTrust).