Risk Management
Skill packages tagged with “Risk Management”
Business Impact Analysis (BIA)
Conduct structured Business Impact Analyses per ISO 22301. Guides interviews, maps process dependencies, determines RTO/RPO targets, and validates consistency across the dependency chain with automated tools that flag timing conflicts and circular dependencies.
CMMI-DEV Risk Management
Draft CMMI-DEV Risk Management (RSKM) deliverables: risk management plan and risk register for ML3.
Ecosystem Risk Ranker (CISA CPG 4.1)
Map and rank external dependencies (SaaS, cloud, utilities) essential to a Critical Service. Assigns criticality scores by impact of vendor outage on mission and validates vendor uptime SLAs against the organization's Maximum Allowable Downtime (MAD). Aligned with CISA CPG 4.1 Critical Service Dependency Map.
ISO 14971 Risk File Author
Guided elaboration of the risk management file for medical devices per ISO 14971: hazard identification, risk analysis, risk control, residual risk acceptability, and benefit–risk rationale. Flags risks above acceptability thresholds that lack a control or justification.
ISO 42001 AI Risk Register
Draft and validate the AI risk register for ISO/IEC 42001:2023 with ownership, treatment, and residual risk.
ITIL 4 Risk Management
Draft and maintain ITIL 4 Risk Management practice documentation and artifacts aligned to the Service Value System.
MaRisk Risikomanagement-Handbuch
Creates and reviews risk management handbooks for financial institutions in Germany in accordance with MaRisk (BaFin). Supports the complete elaboration of all MaRisk modules (AT, BT, BTR), conformity checks, and identification of documentation gaps.
MDevSPICE Software Risk Management Process
Document and evidence the software risk management process per IEC 62304 and MDevSPICE: risk management plan, risk analysis, risk control, risk review, production and post-production monitoring.
NIST CSF Profile Author
Guided elaboration of a NIST Cybersecurity Framework (CSF) assessment: current profile (Identify, Protect, Detect, Respond, Recover, Govern), target profile, gap analysis, and prioritized implementation plan with outcomes and metrics.
Risk & Control Self-Assessment (RCSA)
RCSA support aligned with COSO and Basel III. Front-line managers document risks and control effectiveness; the skill scores control strength (Automated > Manual, Preventative > Detective) and identifies optimistic bias where residual risk is low despite weak controls or thin descriptions.
SFCR Solvency II (Pillar 3)
Supports preparation and review of the Solvency and Financial Condition Report (SFCR) for EU insurance and reinsurance undertakings under Solvency II Pillar 3, including QRT consistency checks and MCR/SCR ratio validation.
State Claims Risk Management
Draft and validate Risk Management reports for state-insured entities (hospitals, prisons) in Ireland under the State Claims Agency (SCA/NTMA). Ensures expected sections, tags Protected Disclosure and LPP content, and aligns with NIMS incident reporting.
Third-Party Risk Assessment (TPRA)
Assess vendor security posture by validating SIG questionnaire responses against evidence and auditing SOC 2 reports for coverage gaps. Produces structured TPRA reports aligned with NIST SP 800-161 and GDPR Article 28, with automated tools that flag unsupported vendor claims, expired reports, and bridge-letter gaps.