Find FAIR quantitative risk analysts and risk managers through the FAIR Institute job board. A free FAIR Institute membership is required to access, along with registration on the LINK FAIR Institute community website.
If you are looking to staff up a FAIR program, the good news is that the candidates pool is growing:
Read What Makes a Good Risk Analyst? to get grounded on the basic skills required (and they’re less technical than you may think):
Ads often ask for FAIR certification (administered by the Open Group) and/or other certifications such a CISSP.
In addition to hands-on experience with FAIR, ads may ask for knowledge of standards, frameworks and regulations, such as NIST CSF, ISO, PCI.
Employers are also looking for abilities to gather data for analysis, for instance, “identification of internal and external primary/second loss, threat event and susceptibility data/information.”
Of course, they ask for strong skills in risk quantification modeling (some mention specifically the RiskLens platform) and reporting but also knowledge of data governance, GRC applications, and development of risk appetite, as well as workflows for identifying risks and policy exceptions.
Since FAIR and risk quantification for cyber are still in the evangelizing stage at many companies, one striking feature of these ads is an emphasis on communication skills. Ads mention “building strong, collaborative partnerships with internal key risk partners” and “ability to influence horizontally and vertically across the organization/enterprise, to include among diverse audiences with varying degrees of technical understanding/expertise.” Specifically, some ads mention “train decision makers on calibrated probability assessments.”
Receive FAIR Training and Certification through the FAIR Institute
Here are some of the responsibilities listed in a recent posting titled, “Quantitative Risk Analyst – FAIR” from data infrastructure company Equinix:
To start, go where the FAIR Institute members are:
Join the FAIR movement – Join the FAIR Institute, learn the latest techniques in advanced risk management with risk quantification. Membership is free to qualified security, risk and business professionals.