Enterprise Risk Management (ERM) Consultant

Dragonfli Group seeks an experienced Enterprise Risk Management (ERM) Consultant to support the development and operationalization of a comprehensive ERM framework for a large municipal water and power utility. This is an initial 6-month engagement with the opportunity for extension based on project performance and evolving client needs.

The consultant will support the build-out of risk governance, compliance risk assessment, and risk data strategy, with a particular emphasis on compliance, policy development, and GRC alignment. You will work directly with internal stakeholders to validate existing materials, drive compliance risk assessments, and formalize key governance and reporting structures. This project requires strong experience in enterprise risk frameworks, GRC modeling, and public sector stakeholder engagement.

This role is primarily remote; however, requires monthly on-site presence for 3-4 days over the duration of the project. The monthly meetings will be held in the Southern California region.

Key Responsibilities:

Compliance Risk Area “Pilot”

• Review and validate existing ERM documentation and materials

• Conduct working sessions with stakeholders to align on compliance risk universe and prioritization

• Develop a draft compliance risk inventory and 12+ month roadmap for GRC framework implementation

• Build compliance risk taxonomy and assessment criteria in coordination with ERM

• Perform comprehensive compliance risk assessments, including interviews and documentation reviews

• Identify compliance risk accountability structures and draft control documentation

• Recommend compliance risk management operating model and draft full GRC framework

ERM Program Development

• Leverage and refine existing risk framework to build ERM reporting structure and governance

• Develop a comprehensive risk register and standardize risk communications

• Define risk remediation processes and escalation pathways

• Assess technology enablement strategies for ERM and recommend GRC tooling solutions

• Advise on future-state resourcing and control frameworks

Required Qualifications

• 7+ years of experience in enterprise risk management, compliance, or GRC consulting
• Demonstrated experience standing up or expanding ERM programs for large public sector or utility organizations
• Strong knowledge of compliance risk taxonomies, risk registers, and control documentation
• Experience developing KPIs, performance metrics, and risk communications plans
• Familiarity with GRC tools and technology strategy for risk enablement
• Exceptional communication, facilitation, and documentation skills

Preferred Qualifications

• Prior experience with municipal utilities, public sector governance, or regulated infrastructure environments
• Certifications such as CRISC, CISA, CGEIT, or equivalent risk/compliance credentials
• Familiarity with NIST RMF, COSO ERM Framework, or ISO 31000

Benefits - health, vision, dental

PTO & Federal Holidays

401(k), employer match

3-4 days each month for the duration of the project. This meetings will be held in Southern California.