GRC Architect
This is a remote position.
Key Responsibilities
Framework & Governance Design Workflow Engineering: Define end-to-end governance workflows for risk identification, intake, validation, and mitigation. Governance Structures: Establish clear roles and responsibilities (RACI) for risk owners, reviewers, and oversight bodies. Escalation Logic: Design formal reporting and escalation processes for high-priority and accepted risks. Stakeholder Engagement & Enablement Cross-Functional Collaboration: Partner with Business, Technology, Security, and Audit functions to validate risk requirements. Facilitation: Lead workshops to socialize the risk register and train stakeholders on new governance processes. Onboarding: Support the initial migration and population of critical risks into the enterprise register. Documentation & Sustainability Audit Readiness: Produce high-quality documentation covering data definitions, scoring logic, and decision authorities. Knowledge Transfer: Conduct formal training and handovers to internal security staff to ensure long-term framework sustainability. Professional Deliverables Enterprise Risk Register Framework: A standardized template and taxonomy. Risk Scoring & Prioritization Model: Documented likelihood/impact scales and prioritization logic. Operational Governance Model: Defined intake workflows and a roles/responsibilities matrix. Initial Risk Population: A baseline register reflecting current cybersecurity and tech risk posture. Final Operating Procedures: Consolidated guidance for ongoing, business-as-usual risk management. Candidate Qualifications Minimum Requirements: 8+ Years of direct experience in Risk Register Design and Framework development. 8+ Years of experience creating Risk Scoring and Prioritization Models. 8+ Years of experience defining Governance Processes and Workflows. 8+ Years of experience in Stakeholder Management and Enablement. 8+ Years of demonstrated expertise in technical writing, audit-ready documentation, and knowledge transfer. Preferred Skills: Professional certifications such as CRISC, CISM, CISSP, or CGEIT. Deep understanding of industry frameworks (e.g., NIST 800-30, ISO 31000, COBIT). Experience with GRC tool implementation (e.g., ServiceNow, Archer, OneTrust). Apply To This Job