Government Careers
  • Sr. Security Risk Management Consultant

  • Conexess
  • Livonia, Michigan 48150 United States View Map

Senior Security Risk Management Consultant

The Senior Security Risk Management Consultant serves as a strategic advisor, liaison, and subject matter expert, driving enterprise-wide security risk management strategies that support our mission and operational excellence. This role partners with senior leadership, security, IT, and business stakeholders to identify, assess, and mitigate cybersecurity risks while ensuring alignment with organizational priorities and regulatory requirements. Responsibilities include leading complex risk assessments, guiding risk treatment strategies, influencing enterprise decision-making, and strengthening overall risk posture through governance, metrics, and continuous improvement.

Program and Regulatory Compliance

  • Supports the development and execution of our Information Security Third Party Risk and Integrated Risk Management Program, contributing to definition of team goals, scope of work, and deliverables aligned to Enterprise Information Security (EIS) priorities.
  • Serves as a trusted advisor and liaison to stakeholders, ensuring initiatives align with organizational mission, values, operational goals, and applicable regulatory, legal, and contractual requirements.
  • Leads and coordinates team participation in regulatory audits and investigations, including the preparation, validation, and delivery of required evidence, while supporting overall audit readiness and response efforts.

People Leadership (Mentorship/Advisory)

  • Contributes to a high-performing team of security risk professionals by providing guidance and support in third-party and integrated risk management, risk-based prioritization, and enterprise risk remediation coordination.
  • Serves as a mentor and trusted resource to team members, offering subject matter expertise and helping to drive consistency, accountability, and quality in work delivery.
  • Supports the development and refinement of team practices, including role clarity, competencies, and growth pathways aligned to organizational expectations.
  • Provides ongoing coaching, knowledge sharing, and development support to colleagues, fostering professional growth and preparing team members for expanded responsibilities.
  • Promotes a collaborative and inclusive team environment, encouraging open communication, psychological safety, and data-informed decision-making.
  • Demonstrates authentic and professional influence, building trust through clear communication, partnership, and effective engagement with peers, leadership, and stakeholders.

Information Security Governance, Risk & Compliance (GRC)

  • Supports and contributes to third-party and integrated risk management activities within our GRC platforms, identifying opportunities for process improvement and adapting to evolving control frameworks and risk requirements.
  • Performs and reviews vendor tiering and risk assessments, partnering with team members and providing guidance on complex or higher-risk cases as needed.
  • Contributes to the execution and ongoing refinement of the third-party cyber risk lifecycle, including intake, due diligence, control assessment, remediation tracking, and ongoing monitoring.
  • Evaluates vendor security controls across multiple domains (e.g., identity and access management, network and cloud security, data protection, incident response, and business continuity), applying risk-based judgment.
  • Reviews and provides input on security-related contractual requirements, supporting alignment with organizational standards and regulatory expectations.
  • Participates in coordination of offshore security risk compliance activities, helping to ensure consistency, quality, and timeliness of deliverables.
  • Translates technical findings into clear business risk insights to support decision-making by stakeholders and business partners.
  • Prepares and supports materials for audits, regulatory inquiries, and internal governance reviews.
  • Documents and tracks risks, supports remediation efforts, and facilitates security policy exception (risk acceptance) processes in alignment with established standards.
  • Identifies security risks and manages issues by working with stakeholders to develop corrective action plans, including cost and timeline analysis, and partners with leadership to present temporary risk acceptance plans in accordance with organizational security policies, procedures, and standards. Provides guidance on governance processes and collaborates with stakeholders to embed security and compliance into operational and strategic initiatives.
  • Maintains active involvement in day-to-day assessments to ensure quality, consistency, and timely delivery.
  • Escalates risks and concerns through appropriate channels to support effective resolution and visibility.

Metrics and Reporting

  • Partners with Strategy and Planning and Enterprise Information Security leadership to develop and report on key risk indicators (KRIs) and key performance indicators (KPIs), delivering clear, actionable insights that support informed decision-making and effective governance.
  • Design, develop, and monitor robust data analysis and reporting systems, along with communication tools, to ensure accurate and timely insights.

Information Security Risk Management (Advisory & Enablement)

  • Coordinates and supports assignment of assessment work, partnering with team members and stakeholders to ensure alignment with established standards and effective intake processes.
  • Reviews and provides guidance on risk assessments to promote consistency, quality, and alignment with our information security requirements.
  • Contributes to workload balancing through collaboration and knowledge sharing, supporting team readiness and capability to deliver departmental services effectively.

Executive & Stakeholder Engagement

  • Cultivates and maintains effective relationships with executives and key stakeholders through clear, authentic, and risk-informed communication; supports alignment, enables informed decision-making, and promotes shared accountability for managing security risk.

Enterprise Risk Communication & Decision Support

  • Synthesizes and communicates enterprise security risk insights to executives and stakeholders in a clear, actionable manner, operating within established leadership direction and communication protocols; translates complex risk data into meaningful narratives that support informed decision-making, drive prioritization, and strengthen governance in alignment with organizational objectives.

Information Security Leadership Support

  • Serves as a representative of the Manager and/or Director as directed. Supports Information Security leadership by providing risk-informed insights, actionable recommendations, and clear communication to enable strategic decision-making, program prioritization, and alignment with organizational objectives.

Security Leadership & Coordination

  • Partners with Enterprise Information Security leadership to support aligned execution of security and risk management activities, including policy and standards development, control assessments, and risk management education; promotes collaboration, consistency, and integration of security practices across the organization.

Regulatory & Standards Monitoring

  • Maintains a working knowledge of applicable Federal, State, and local laws and regulations, our Integrity and Compliance Program and Code of Conduct, and relevant policies and procedures, while staying current with industry developments and regulatory changes to ensure updates are reflected and adherence is upheld with honest, ethical, and professional behavior.

Project Management

  • Leads and supports security risk initiatives and annual program activities, ensuring successful delivery aligned with organizational standards and risk management objectives.
  • Provides guidance and mentorship to team members managing projects, promoting consistency, accountability, and high-quality outcomes without direct supervisory responsibility.
  • Partners with stakeholders and leadership to align priorities, communicate status, and support achievement of strategic outcomes.
  • Proactively identifies risks and supports mitigation efforts to keep initiatives on track and aligned with organizational expectations.

Relationship Management

  • Builds and maintains effective relationships to support stakeholder engagement throughout the project, program, or initiative lifecycle.
  • Partners with stakeholders to support development and alignment of business process workflows, as well as training and communication plans.
  • Provides guidance, tools, and resources to help stakeholders address challenges, mitigate risks, and sustain engagement, promoting risk-aware decision-making and adoption of information security best practices across the organization.

Minimum Qualifications

  • Bachelor's degree or an equivalent combination of education and experience.
  • One or more security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) Certified in Governance, Risk and Compliance (GRCP) or equivalent.
  • Minimum of seven (7) years of progressive experience in information services including three (3) years working in cybersecurity governance, risk, and compliance (GRC).
  • Minimum of three (3) years of progressively responsible experience in healthcare and/or other regulated industries.
  • Strong knowledge of the HIPAA Security Rule and applicable industry security regulations, with the ability to rapidly build and sustain expertise; working understanding of broader HIPAA requirements, including Privacy and Breach Notification Rules.
  • Proven knowledge of enterprise security principles and practices, with hands-on experience or demonstrated capability in implementing, integrating, and managing security solutions across enterprise environments.
  • Working knowledge of one or more information security regulations and/or frameworks - HIPAA, ISO 27001

Senior Security Risk Management Consultant

The Senior Security Risk Management Consultant serves as a strategic advisor, liaison, and subject matter expert, driving enterprise-wide security risk management strategies that support our mission and operational excellence. This role partners with senior leadership, security, IT, and business stakeholders to identify, assess, and mitigate cybersecurity risks while ensuring alignment with organizational priorities and regulatory requirements. Responsibilities include leading complex risk assessments, guiding risk treatment strategies, influencing enterprise decision-making, and strengthening overall risk posture through governance, metrics, and continuous improvement.

Program and Regulatory Compliance

  • Supports the development and execution of our Information Security Third Party Risk and Integrated Risk Management Program, contributing to definition of team goals, scope of work, and deliverables aligned to Enterprise Information Security (EIS) priorities.
  • Serves as a trusted advisor and liaison to stakeholders, ensuring initiatives align with organizational mission, values, operational goals, and applicable regulatory, legal, and contractual requirements.
  • Leads and coordinates team participation in regulatory audits and investigations, including the preparation, validation, and delivery of required evidence, while supporting overall audit readiness and response efforts.

People Leadership (Mentorship/Advisory)

  • Contributes to a high-performing team of security risk professionals by providing guidance and support in third-party and integrated risk management, risk-based prioritization, and enterprise risk remediation coordination.
  • Serves as a mentor and trusted resource to team members, offering subject matter expertise and helping to drive consistency, accountability, and quality in work delivery.
  • Supports the development and refinement of team practices, including role clarity, competencies, and growth pathways aligned to organizational expectations.
  • Provides ongoing coaching, knowledge sharing, and development support to colleagues, fostering professional growth and preparing team members for expanded responsibilities.
  • Promotes a collaborative and inclusive team environment, encouraging open communication, psychological safety, and data-informed decision-making.
  • Demonstrates authentic and professional influence, building trust through clear communication, partnership, and effective engagement with peers, leadership, and stakeholders.

Information Security Governance, Risk & Compliance (GRC)

  • Supports and contributes to third-party and integrated risk management activities within our GRC platforms, identifying opportunities for process improvement and adapting to evolving control frameworks and risk requirements.
  • Performs and reviews vendor tiering and risk assessments, partnering with team members and providing guidance on complex or higher-risk cases as needed.
  • Contributes to the execution and ongoing refinement of the third-party cyber risk lifecycle, including intake, due diligence, control assessment, remediation tracking, and ongoing monitoring.
  • Evaluates vendor security controls across multiple domains (e.g., identity and access management, network and cloud security, data protection, incident response, and business continuity), applying risk-based judgment.
  • Reviews and provides input on security-related contractual requirements, supporting alignment with organizational standards and regulatory expectations.
  • Participates in coordination of offshore security risk compliance activities, helping to ensure consistency, quality, and timeliness of deliverables.
  • Translates technical findings into clear business risk insights to support decision-making by stakeholders and business partners.
  • Prepares and supports materials for audits, regulatory inquiries, and internal governance reviews.
  • Documents and tracks risks, supports remediation efforts, and facilitates security policy exception (risk acceptance) processes in alignment with established standards.
  • Identifies security risks and manages issues by working with stakeholders to develop corrective action plans, including cost and timeline analysis, and partners with leadership to present temporary risk acceptance plans in accordance with organizational security policies, procedures, and standards. Provides guidance on governance processes and collaborates with stakeholders to embed security and compliance into operational and strategic initiatives.
  • Maintains active involvement in day-to-day assessments to ensure quality, consistency, and timely delivery.
  • Escalates risks and concerns through appropriate channels to support effective resolution and visibility.

Metrics and Reporting

  • Partners with Strategy and Planning and Enterprise Information Security leadership to develop and report on key risk indicators (KRIs) and key performance indicators (KPIs), delivering clear, actionable insights that support informed decision-making and effective governance.
  • Design, develop, and monitor robust data analysis and reporting systems, along with communication tools, to ensure accurate and timely insights.

Information Security Risk Management (Advisory & Enablement)

  • Coordinates and supports assignment of assessment work, partnering with team members and stakeholders to ensure alignment with established standards and effective intake processes.
  • Reviews and provides guidance on risk assessments to promote consistency, quality, and alignment with our information security requirements.
  • Contributes to workload balancing through collaboration and knowledge sharing, supporting team readiness and capability to deliver departmental services effectively.

Executive & Stakeholder Engagement

  • Cultivates and maintains effective relationships with executives and key stakeholders through clear, authentic, and risk-informed communication; supports alignment, enables informed decision-making, and promotes shared accountability for managing security risk.

Enterprise Risk Communication & Decision Support

  • Synthesizes and communicates enterprise security risk insights to executives and stakeholders in a clear, actionable manner, operating within established leadership direction and communication protocols; translates complex risk data into meaningful narratives that support informed decision-making, drive prioritization, and strengthen governance in alignment with organizational objectives.

Information Security Leadership Support

  • Serves as a representative of the Manager and/or Director as directed. Supports Information Security leadership by providing risk-informed insights, actionable recommendations, and clear communication to enable strategic decision-making, program prioritization, and alignment with organizational objectives.

Security Leadership & Coordination

  • Partners with Enterprise Information Security leadership to support aligned execution of security and risk management activities, including policy and standards development, control assessments, and risk management education; promotes collaboration, consistency, and integration of security practices across the organization.

Regulatory & Standards Monitoring

  • Maintains a working knowledge of applicable Federal, State, and local laws and regulations, our Integrity and Compliance Program and Code of Conduct, and relevant policies and procedures, while staying current with industry developments and regulatory changes to ensure updates are reflected and adherence is upheld with honest, ethical, and professional behavior.

Project Management

  • Leads and supports security risk initiatives and annual program activities, ensuring successful delivery aligned with organizational standards and risk management objectives.
  • Provides guidance and mentorship to team members managing projects, promoting consistency, accountability, and high-quality outcomes without direct supervisory responsibility.
  • Partners with stakeholders and leadership to align priorities, communicate status, and support achievement of strategic outcomes.
  • Proactively identifies risks and supports mitigation efforts to keep initiatives on track and aligned with organizational expectations.

Relationship Management

  • Builds and maintains effective relationships to support stakeholder engagement throughout the project, program, or initiative lifecycle.
  • Partners with stakeholders to support development and alignment of business process workflows, as well as training and communication plans.
  • Provides guidance, tools, and resources to help stakeholders address challenges, mitigate risks, and sustain engagement, promoting risk-aware decision-making and adoption of information security best practices across the organization.

Minimum Qualifications

  • Bachelor's degree or an equivalent combination of education and experience.
  • One or more security certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC) Certified in Governance, Risk and Compliance (GRCP) or equivalent.
  • Minimum of seven (7) years of progressive experience in information services including three (3) years working in cybersecurity governance, risk, and compliance (GRC).
  • Minimum of three (3) years of progressively responsible experience in healthcare and/or other regulated industries.
  • Strong knowledge of the HIPAA Security Rule and applicable industry security regulations, with the ability to rapidly build and sustain expertise; working understanding of broader HIPAA requirements, including Privacy and Breach Notification Rules.
  • Proven knowledge of enterprise security principles and practices, with hands-on experience or demonstrated capability in implementing, integrating, and managing security solutions across enterprise environments.
  • Working knowledge of one or more information security regulations and/or frameworks - HIPAA, ISO 27001
Government Careers

Government Careers

Government jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.

Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.

Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.

Show more

MORE JOBS