In-depth knowledge of risk management frameworks (e.g., ISO 31000, NIST RMF) and threat modelling methodologies (e.g., STRIDE, DREAD).
Expertise in identifying, evaluating, and prioritizing threats and vulnerabilities across physical, cyber, and operational domains.
Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios.
Proficiency with risk assessment matrices.
Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders.
Familiarity with legal, regulatory, and compliance requirements, ensuring assessments align with organizational and industry standards (e.g., PHIPAA).