Design and implement enterprise-level risk management frameworks. Build a structured risk register, governance workflows, and risk scoring models. Collaborate with business, IT, and security teams.
Job Description
GRC Risk Register Analyst
Role Level: Information Security Manager III
Category: Cybersecurity / Governance, Risk & Compliance (GRC)
Work Location: 100% Remote (Within the United States)
About the Role
We are looking for a GRC Risk Register Analyst to design and implement enterprise-level risk management frameworks. This role will focus on building a structured risk register, governance workflows, and risk scoring models, ensuring alignment across business, security, and technology teams.
Key Responsibilities
Risk Framework & Governance
- Define end-to-end governance workflows for:
  - Risk identification and intake
  - Risk validation and review
  - Risk treatment (accept, mitigate, transfer)
  - Continuous monitoring and reassessment
- Establish roles and responsibilities for stakeholders and governance bodies
- Design escalation and reporting processes for high-risk items
Stakeholder Engagement
- Collaborate with business, IT, and security teams to validate risk processes
- Conduct workshops and working sessions to drive adoption
- Support onboarding of risks into the enterprise risk register
Risk Register & Documentation
- Develop and maintain:
  - Risk register structure and taxonomy
  - Risk scoring methodology (likelihood & impact)
  - Governance workflows and decision models
- Ensure documentation is audit-ready and aligned with best practices
Deliverables
- Enterprise Risk Register Framework
- Risk Scoring & Prioritization Model
- Risk Governance Model (workflows + RACI)
- Initial population of enterprise risk register
- Final documentation and operational guidelines
Knowledge Transfer
- Provide training and handover to internal teams
- Ensure sustainability of processes post-engagement
Required Qualifications
- 8+ years of experience in:
  - Risk register design and implementation
  - Risk scoring and prioritization frameworks
  - Governance processes and workflow design
  - Stakeholder engagement and enablement
  - Documentation and knowledge transfer
- Strong understanding of GRC frameworks and cybersecurity risk management
- Excellent communication and facilitation skills
Work Environment
- Standard business hours (Mon–Fri) with flexibility as needed
- Fully remote (U.S.-based)
- Occasional extended hours based on project needs
Nice to Have
- Experience in government or regulated environments
- Familiarity with frameworks like NIST, ISO 27001, or FAIR
- Experience with GRC tools (e.g., Archer, ServiceNow GRC)