Freelance Information Security Risk & Governance Specialist

Company Description

ThreatXIntel is a growing Cybersecurity, IT Staffing, and Consulting company delivering end-to-end technology and security solutions.

Role Overview

We are looking for a Freelance Information Security Risk & Governance Specialist with strong expertise in risk quantification, FAIR methodology, and data-driven risk modeling.

The ideal candidate will work on building current-state and future-state risk models, quantify annualized loss exposure, and calculate risk reduction benefits in financial terms.

This role is highly analytical and requires experience in risk modeling, scenario analysis, and governance frameworks.

Key Responsibilities

Risk Modeling & Quantification

• Build current-state risk models to quantify annualized loss exposure
• Develop future-state models incorporating IT governance controls
• Calculate risk reduction delta (financial impact in dollar terms)
• Perform scenario-based risk analysis (frequency & magnitude modeling)

FAIR & Risk Methodology

• Apply FAIR (Factor Analysis of Information Risk) methodology
• Define and model
  
  risk scenarios (data breach, outage, compliance risk, etc.)
• Document assumptions, inputs, and calibration logic

Data Analysis & Reporting

• Analyze risk data using analytics tools and data platforms
• Develop metrics, KRIs, KPIs for risk monitoring
• Create dashboards and reports using Tableau / Power BI

Governance & Controls

• Align risk models with frameworks:
• NIST CSF
• Unified Control Framework (UCF)
• Regulatory standards (HIPAA, PCI)
• Evaluate impact of controls like:
• IAM
• Patching
• Monitoring
• DR/BCP

Scenario Analysis & Simulation

• Perform sensitivity analysis and scenario comparison
• Evaluate impact of control improvements on risk exposure
• Support decision-making with quantified insights

Collaboration & Stakeholder Management

• Work with IT, Security, Finance, and Business teams
• Present risk insights to leadership and executive stakeholders
• Support

  Looking to get Placed? Try our Placement Guarantee Plan

  Get Hired
  board-level risk reporting

Tooling & Technology

• Work with platforms like ThreatConnect / FAIR tools / analytics systems
• Define data inputs and integrate with enterprise data sources

Required Skills (Mandatory)

• Strong experience in Information Security Risk Management (5+ years)
• Hands-on experience with FAIR risk quantification methodology
• Experience in risk modeling (current-state & future-state)
• Strong analytical skills (probability, loss estimation, scenario modeling)
• Experience with data analytics & reporting tools (Tableau / Power BI)
• Strong understanding of NIST, UCF, and regulatory frameworks
• Experience in risk scenario analysis and financial impact modeling
• Strong communication skills for executive-level reporting

Nice to Have

• Experience with ThreatConnect or similar platforms
• Certifications: CISSP, CISA, CRISC, FAIR
• Background in data science / statistics / risk analytics
• Experience in healthcare or regulated industries