Information Security Manager

Job Title:              Information Security Manager

Location:              Remote

Duration:             12+ months

Interview:           Video

Need submission soon,        Linkedin with pic on it

READ THE DETAILS BELOW BEFORE SENDING CANDIDATES, EVERYTHING MUST BE INCLUDED AND MATCH TO BE CONSIDERED
WHAT TO SEND: Resume, visa if they''re on one, if its a then a DL and filled out form (years and 3 references (name, title, company, phone)


They highly prefer candidates who worked for any state education agency that would be a huge plus



MUST HAVE
8        Required        Experience with Risk Register Design and Framework
8        Required        Experience with Risk Scoring and Prioritization Model
8        Required        Experience with Governance Processes and Workflows
8        Required        Experience with Stakeholder and Enablement
8        Required        Demonstrated skill with documentation and knowledge transfer

Description:
• Define end to end governance workflows for:
         o Risk identification and intake
         o Risk review and validation
         o Risk acceptance, mitigation, or transfer
         o Ongoing monitoring and periodic reassessment

• Establish roles and responsibilities for risk owners, reviewers, and governance bodies.
• Design escalation and reporting processes for high risk and accepted risks.
• Engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows.
• Facilitate working sessions or workshops to socialize the risk register and governance processes.
• Support onboarding of initial risks into the enterprise risk register.
• Produce clear, audit ready documentation covering:
         o Risk register structure and data definitions
         o Risk scoring methodology
         o Governance workflows and decision authorities
• Provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term.

The contractor shall provide the following deliverables during the engagement:
1. Enterprise Risk Register Framework
         o Standardized risk register template and taxonomy
2. Risk Scoring and Prioritization Model
         o Documented likelihood and impact scales
         o Scoring methodology and prioritization logic
3. Risk Governance Model
         o Defined workflows for risk intake, review, acceptance, and monitoring
         o Roles and responsibilities matrix
4. Initial Population of Risk Register
         o Initial set of documented risks reflecting current cybersecurity and technology risk posture
5. Final Documentation Package
         o Consolidated guidance and operating procedures for ongoing risk management