FAIR Institute Blog

How to Hire a FAIR Cyber Risk Analyst

[fa icon="calendar"] Mar 2, 2022 9:56:00 AM / by Jeff B. Copeland

How to Hire a FAIR Cyber Risk AnalystLooking for a Quantitative Cyber Risk Specialist, a Risk Quantification Analyst or even a Senior Factor Analysis of Information Risk (FAIR™) Analyst? It’s a sign of the rapid adoption of FAIR that organizations have recently been advertising for new hires with those titles, jobs dedicated full-time to a skill – cyber risk quantification – that a few years ago wasn’t even thought possible.

Find FAIR quantitative risk analysts and risk managers through the FAIR Institute job board. A free FAIR Institute membership is required to access, along with registration on the LINK FAIR Institute community website.

If you are looking to staff up a FAIR program, the good news is that the candidates pool is growing: 

Read What Makes a Good Risk Analyst? to get grounded on the basic skills required (and they’re less technical than you may think):

  1. Strong critical thinking skills
  2. Understanding of basic probability
  3. Training in calibrated estimation
  4. Comfort with numbers
  5. Familiarity with Monte Carlo simulation  

How to Write a Job Description for a FAIR Quantitative Cyber Risk Analyst 

Ads often ask for FAIR certification (administered by the Open Group) and/or other certifications such a CISSP.

In addition to hands-on experience with FAIR, ads may ask for knowledge of standards, frameworks and regulations, such as NIST CSF, ISO, PCI. 

Employers are also looking for abilities to gather data for analysis, for instance, “identification of internal and external primary/second loss, threat event and susceptibility data/information.”

Of course, they ask for strong skills in risk quantification modeling (some mention specifically the RiskLens platform) and reporting but also knowledge of data governance, GRC applications, and development of risk appetite, as well as workflows for identifying risks and policy exceptions.

Since FAIR and risk quantification for cyber are still in the evangelizing stage at many companies, one striking feature of these ads is an emphasis on communication skills. Ads mention “building strong, collaborative partnerships with internal key risk partners” and “ability to influence horizontally and vertically across the organization/enterprise, to include among diverse audiences with varying degrees of technical understanding/expertise.” Specifically, some ads mention “train decision makers on calibrated probability assessments.”

Receive FAIR Training and Certification through the FAIR Institute 

A Sample Risk Analyst Job Description 

Here are some of the responsibilities listed in a recent posting titled, “Quantitative Risk Analyst – FAIR” from data infrastructure company Equinix:

  • Perform triage and detailed FAIR risk analysis using the RiskLens platform to effectively scope and analyze loss event scenarios at scale
  • Apply internal and external data as well as calibrated estimation techniques to support FAIR analysis
  • Evaluate risks and use strong knowledge of control categories and their effect on loss exposure to make informed recommendations for risk mitigation strategies to the business
  • Interpret analysis results and effectively communicate their meaning to decision-makers and other invested stakeholders
  • Build and help manage the organization’s risk registers to monitor risks and track their mitigation activities with the associated risk owners
  • Help define KPIs and KRIs to be actively used in decision making
  • Work with the RiskLens team to monitor and regularly update loss tables and data helpers within the RiskLens platform to support efficiency and consistency of risk analyses
  • Coordinate data-gathering initiatives to improve measurement precision
  • Socialize the FAIR risk quantification program and promote its adoption among internal stakeholders and Leadership 

Where to Find FAIR Analyst Job Candidates

To start, go where the FAIR Institute members are: 

Join the FAIR movement – Join the FAIR Institute, learn the latest techniques in advanced risk management with risk quantification. Membership is free to qualified security, risk and business professionals.

Topics: FAIR Training, Guides & Tips

Jeff B. Copeland

Written by Jeff B. Copeland

Jeff is the Content Marketing Manager for RiskLens.

Join the FAIR Community

Subscribe to Email Updates

Learn How FAIR Can Help You
Make Better Business Decisions

Recent Posts