Information Security Manager 3 (70126089)

Remote – United States I. DESCRIPTION OF SERVICES • Define end to end governance workflows for: o Risk identification and intake o Risk review and validation o Risk acceptance, mitigation, or transfer o Ongoing monitoring and periodic reassessment • Establish roles and responsibilities for risk owners, reviewers, and governance bodies. • Design escalation and reporting processes for high risk and accepted risks. • Engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows. • Facilitate working sessions or workshops to socialize the risk register and governance processes. • Support onboarding of initial risks into the enterprise risk register. • Produce clear, audit ready documentation covering: o Risk register structure and data definitions o Risk scoring methodology o Governance workflows and decision authorities • Provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term. The contractor shall provide the following deliverables during the engagement: 1 . Enterprise Risk Register Framework o Standardized risk register template and taxonomy 2 . Risk Scoring and Prioritization Model o Documented likelihood and impact scales o Scoring methodology and prioritization logic 3 . Risk Governance Model o Defined workflows for risk intake, review, acceptance, and monitoring o Roles and responsibilities matrix 4 . Initial Population of Risk Register o Initial set of documented risks reflecting current cybersecurity and technology risk posture 5 . Final Documentation Package o Consolidated guidance and operating procedures for ongoing risk management II. CANDIDATE SKILLS AND QUALIFICATIONS Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity. Years Required/Preferred Experience 8 Required Experience with Risk Register Design and Framework 8 Required Experience with Risk Scoring and Prioritization Model 8 Required Experience with Governance Processes and Workflows 8 Required Experience with Stakeholder and Enablement 8 Required Demonstrated skill with documentation and knowledge transfer Note : Expected Start Date 05/26/2026 and Expected End Date 08/31/2026 . May be renewed up to 3 years. Normal business hours are Monday through Friday from 8:00 AM to 5:00 PM , excluding State holidays when the agency is closed. The worker may be required to work outside the normal business hours on weekends, evenings and holidays, as requested.