Information Security Manager/Vulnerability Manager

Responsibilities Define end-to-end governance workflows for risk identification and intake, risk review and validation, risk acceptance, mitigation, or transfer, and ongoing monitoring and periodic reassessment. Establish roles and responsibilities for risk owners, reviewers, and governance bodies. Design escalation and reporting processes for high risk and accepted risks.

Engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows. Facilitate working sessions or workshops to socialize the risk register and governance processes. Support onboarding of initial risks into the enterprise risk register.

Produce clear, audit-ready documentation covering: Risk register structure and data definitions Risk scoring methodology Governance workflows and decision authorities Provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term. Deliverables during the engagement Enterprise Risk Register Framework Standardized risk register template and taxonomy Risk Scoring and Prioritization Model Documented likelihood and impact scales Scoring methodology and prioritization logic Risk Governance Model Defined workflows for risk intake, review, acceptance, and monitoring Roles and responsibilities matrix Initial population of risk register Initial set of documented risks reflecting current cybersecurity and technology risk posture Final Documentation Package Consolidated guidance and operating procedures for ongoing risk management Experience Risk Register Design and Framework Risk Scoring and Prioritization Model Governance Processes and Workflows Stakeholder and Enablement Documentation and knowledge transfer #J-18808-Ljbffr