Job Description
We are seeking a highly experienced Senior ERM Consultant to design and implement a comprehensive enterprise risk management framework, including risk governance workflows, risk scoring models, and enterprise risk register structure.
This role requires strong expertise in risk governance, stakeholder engagement, and audit-ready documentation, with the ability to establish scalable processes for identifying, assessing, and managing organizational risks.
Key Responsibilities:
- Design and implement end-to-end risk governance workflows, including:
  - Risk identification and intake
  - Risk review and validation
  - Risk acceptance, mitigation, or transfer
  - Ongoing monitoring and reassessment
- Develop and standardize the enterprise risk register framework, including taxonomy and data structure
- Define risk scoring and prioritization models (likelihood, impact, and ranking methodology)
- Establish roles and responsibilities for risk owners, reviewers, and governance bodies
- Design escalation, reporting, and decision-making processes for high-risk scenarios
- Facilitate stakeholder workshops across business, technology, and security teams
- Support initial onboarding and population of risks into the enterprise risk register
- Produce audit-ready documentation, including:
  - Risk register structure and definitions
  - Risk scoring methodology
  - Governance workflows and operating procedures
- Provide knowledge transfer and training to internal teams to ensure long-term sustainability
- Collaborate with cross-functional teams to align risk practices with organizational objectives
Key Deliverables:
- Enterprise Risk Register Framework
  - Standardized templates, taxonomy, and structure
- Risk Scoring & Prioritization Model
  - Likelihood and impact scales
  - Scoring methodology and prioritization logic
- Risk Governance Model
  - Defined workflows for intake, review, acceptance, and monitoring
  - Roles and responsibilities matrix
- Initial Risk Register Population
  - Documented risks reflecting current risk posture
- Final Documentation Package
  - Comprehensive guidance and procedures for ongoing risk management
Required Qualifications:
- 8+ years of experience in Enterprise Risk Management (ERM) or related field
- Proven experience designing risk register frameworks and governance models
- Strong expertise in risk scoring and prioritization methodologies
- Experience defining and implementing risk governance processes and workflows
- Demonstrated ability in stakeholder engagement, facilitation, and enablement
- Strong skills in documentation, reporting, and knowledge transfer
- Experience delivering audit-ready risk management documentation
- Excellent communication and presentation skills
Preferred Qualifications:
- Experience in IT or Cybersecurity Risk Management
- Familiarity with regulatory or compliance frameworks
- Experience working in large enterprise or government environments
- Certifications such as CISM, CRISC, CISSP, or similar (preferred but not required)