Information Security Manager 3 (70126089)

Remote - Austin, TX

Remote – United States

I.  DESCRIPTION OF SERVICES

• Define end-to-end governance workflows for:

o Risk identification and intake

o Risk review and validation

o Risk acceptance, mitigation, or transfer

o Ongoing monitoring and periodic reassessment

• Establish roles and responsibilities for risk owners, reviewers, and governance bodies.

• Design escalation and reporting processes for high-risk and accepted risks.

• Engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows.

• Facilitate working sessions or workshops to socialize the risk register and governance processes.

• Support onboarding of initial risks into the enterprise risk register.

• Produce clear, audit-ready documentation covering:

o Risk register structure and data definitions

o Risk scoring methodology

o Governance workflows and decision authorities

• Provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term.

The contractor shall provide the following deliverables during the engagement:

1. Enterprise Risk Register Framework

o Standardized risk register template and taxonomy

2. Risk Scoring and Prioritization Model

o Documented likelihood and impact scales

o Scoring methodology and prioritization logic

3. Risk Governance Model

o Defined workflows for risk intake, review, acceptance, and monitoring

o Roles and responsibilities matrix

4. Initial Population of Risk Register

o Initial set of documented risks reflecting current cybersecurity and technology risk posture

5. Final Documentation Package

o Consolidated guidance and operating procedures for ongoing risk management

II.  CANDIDATE SKILLS AND QUALIFICATIONS

Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity.

Years   Required/Preferred   Experience
8       Required             Experience with Risk Register Design and Framework
8       Required             Experience with Risk Scoring and Prioritization Model
8       Required             Experience with Governance Processes and Workflows
8       Required             Experience with Stakeholder and Enablement
8       Required             Demonstrated skill with documentation and knowledge transfer

Note: Expected Start Date 05/26/2026 and Expected End Date 08/31/2026. May be renewed up to 3 years.

Normal business hours are Monday through Friday from 8:00 AM to 5:00 PM, excluding State holidays when the agency is closed. The worker may be required to work outside the normal business hours on weekends, evenings and holidays, as requested.

JOB CODE: 70126089