Enterprise Risk Management (ERM), Risk Register Design, Risk Scoring & Prioritization, Risk Governance Frameworks, Workflow Design, Stakeholder Engagement, Risk Assessment & Mitigation, Audit-Ready Documentation, Risk Taxonomy, Compliance & Controls, Process Design, Reporting & Escalation, Knowledge TransferWe are seeking a highly experienced Senior ERM Consultant to design and implement a comprehensive enterprise risk management framework, including risk governance workflows, risk scoring models, and enterprise risk register structure.
This role requires strong expertise in risk governance, stakeholder engagement, and audit-ready documentation, with the ability to establish scalable processes for identifying, assessing, and managing organizational risks.
Key Responsibilities:
- Design and implement end-to-end risk governance workflows, including:
- Risk identification and intake
- Risk review and validation
- Risk acceptance, mitigation, or transfer
- Ongoing monitoring and reassessment
- Develop and standardize the enterprise risk register framework, including taxonomy and data structure
- Define risk scoring and prioritization models (likelihood, impact, and ranking methodology)
- Establish roles and responsibilities for risk owners, reviewers, and governance bodies
- Design escalation, reporting, and decision-making processes for high-risk scenarios
- Facilitate stakeholder workshops across business, technology, and security teams
- Support initial onboarding and population of risks into the enterprise risk register
- Produce audit-ready documentation, including:
- Risk register structure and definitions
- Governance workflows and operating procedures
- Provide knowledge transfer and training to internal teams to ensure long-term sustainability
- Collaborate with cross-functional teams to align risk practices with organizational objectives
Key Deliverables:
- Enterprise Risk Register Framework
- Standardized templates, taxonomy, and structure
- Risk Scoring & Prioritization Model
- Likelihood and impact scales
- Scoring methodology and prioritization logic
- Defined workflows for intake, review, acceptance, and monitoring
- Roles and responsibilities matrix
- Initial Risk Register Population
- Documented risks reflecting current risk posture
- Final Documentation Package
- Comprehensive guidance and procedures for ongoing risk management
Required Qualifications:
- 8+ years of experience in Enterprise Risk Management (ERM) or related field
- Proven experience designing risk register frameworks and governance models
- Strong expertise in risk scoring and prioritization methodologies
- Experience defining and implementing risk governance processes and workflows
- Demonstrated ability in stakeholder engagement, facilitation, and enablement
- Strong skills in documentation, reporting, and knowledge transfer
- Experience delivering audit-ready risk management documentation
- Excellent communication and presentation skills
Preferred Qualifications:
- Experience in IT or Cybersecurity Risk Management
- Familiarity with regulatory or compliance frameworks
- Experience working in large enterprise or government environments
- Certifications such as CISM, CRISC, CISSP, or similar (preferred but not required)