Working Title: Governance Risk and Compliance Risk Register Analyst |
Title/Level: Information Security Manager 3 |
|
Category: Security |
Texas Education Agency |
I. DESCRIPTION OF SERVICES
Texas Education Agency requires the services of 1 Information Security Manager 3, hereafter referred to as Candidate(s), who meets the general qualifications of Information Security Manager 3, Security and the specifications outlined in this document for the Texas Education Agency.
All work products resulting from the project shall be considered "works made for hire" and are the property of the Texas Education Agency and may include pre-selection requirements that potential Vendors (and their Candidates) submit to and satisfy criminal background checks as authorized by Texas law. Texas Education Agency will pay no fees for interviews or discussions, which occur during the process of selecting a Candidate(s).
• Define end to end governance workflows for:
o Risk identification and intake
o Risk review and validation
o Risk acceptance, mitigation, or transfer
o Ongoing monitoring and periodic reassessment
• Establish roles and responsibilities for risk owners, reviewers, and governance bodies.
• Design escalation and reporting processes for high risk and accepted risks.
• Engage key stakeholders across business, technology, security, and governance functions to validate risk requirements and workflows.
• Facilitate working sessions or workshops to socialize the risk register and governance processes.
• Support onboarding of initial risks into the enterprise risk register.
• Produce clear, audit ready documentation covering:
o Risk register structure and data definitions
o Risk scoring methodology
o Governance workflows and decision authorities
• Provide knowledge transfer to designated security staff to ensure sustainability beyond the contract term.
The contractor shall provide the following deliverables during the engagement:
1. Enterprise Risk Register Framework
o Standardized risk register template and taxonomy
2. Risk Scoring and Prioritization Model
o Documented likelihood and impact scales
o Scoring methodology and prioritization logic
3. Risk Governance Model
o Defined workflows for risk intake, review, acceptance, and monitoring
o Roles and responsibilities matrix
4. Initial Population of Risk Register
o Initial set of documented risks reflecting current cybersecurity and technology risk posture
5. Final Documentation Package
o Consolidated guidance and operating procedures for ongoing risk management
CANDIDATE QUALIFICATIONS
Title/Level: Information Security Manager 3 |
|
Candidate Name: |
Category: Security |
Minimum Requirements: Candidates that do not meet or exceed the minimum stated requirements (skills/experience) will be displayed to customers but may not be chosen for this opportunity. |
|||
Actual |
Years |
Required/ |
Skills/Experience |
|
8 |
Required |
Experience with Risk Register Design and Framework |
|
8 |
Required |
Experience with Risk Scoring and Prioritization Model |
|
8 |
Required |
Experience with Governance Processes and Workflows |
|
8 |
Required |
Experience with Stakeholder and Enablement |
|
8 |
Required |
Demonstrated skill with documentation and knowledge transfer |
You received this message because you are subscribed to the Google Groups "Xrecnet IT Recruiters Network - Corp to Corp IT Jobs & Hotlists" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xrecnet+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/xrecnet/CAMLRyQgLpho2u7XuDaqd1OpBY%3DrpG2vwGoFOPxQfcTdWCHxAgg%40mail.gmail.com.
No comments:
Post a Comment