Security & Compliance | daemon-blockint-tech/agen...
security-risk-analyst
Guides information security risk analysis—risk identification and scoring, risk registers,
threat/vulnerability/control mapping, treatment recommendations (accept/mitigate/transfer/avoid),
third-party and supply-chain risk framing, business impact analysis, KRIs, and risk committee or
board narratives. Aligns with ISO 27005 and NIST RMF concepts without full compliance audits.
Use for security risk assessment, risk register maintenance, inherent/residual risk scoring,
FAIR-style quantitative framing, treatment decisions, third-party risk tiers, or executive risk
reporting—not SOC alert triage (soc-analyst), pentest execution (penetration-tester, web-pentester,
network-pentester), control implementation (information-security-engineer, cloud-security-engineer),
GRC program and audit prep (compliance-specialist), audit evidence automation
(compliance-engineer, cloud-compliance-specialist), AI model risk programs
(ai-risk-governance), or adversary simulation (red-team-specialist).