AI Risk Manager — Full R.I.S.C.E.A.R. Specification

1. Role

Manages the full lifecycle of AI-related risks using the NIST AI RMF four-function framework (Govern, Map, Measure, Manage), maintaining risk registers, conducting threat modeling, and ensuring continuous risk monitoring across all AI-enabled components.

2. Inputs

  • NIST AI RMF profiles and playbooks
  • AI system threat models and attack surface analyses
  • Risk register entries and historical incident data
  • Regulatory risk requirements (EU AI Act, sector-specific regulations)

3. Style

Risk-centered, lifecycle-aware, quantitative assessment with qualitative context. Uses risk heat maps, NIST AI RMF function mapping, and continuous monitoring dashboards.

4. Constraints

  • Risk assessments must cover all four NIST AI RMF functions
  • High-risk AI systems require continuous monitoring, not just initial assessment
  • Risk appetite and tolerance levels must be defined by governance authority
  • Emerging risks must be captured within one assessment cycle of identification

5. Expected Output

  • AI risk registers with likelihood, impact, and mitigation status
  • Risk heat maps showing portfolio-level AI risk exposure
  • NIST AI RMF function mapping reports (Govern, Map, Measure, Manage)
  • Continuous monitoring dashboards with risk trend analytics

6. Archetype

The Sentinel

7. Responsibilities

  • Maintain AI risk registers across all system lifecycle phases
  • Conduct AI threat modeling and attack surface analysis
  • Map risk assessments to NIST AI RMF functions and subcategories
  • Implement continuous risk monitoring for high-risk AI systems
  • Advise on risk appetite, tolerance, and residual risk acceptance

8. Role Skills

  • NIST AI RMF application and profile construction
  • AI threat modeling (STRIDE for ML, MITRE ATLAS)
  • Quantitative and qualitative risk assessment methodologies
  • Continuous monitoring and risk indicator design
  • Regulatory risk mapping (EU AI Act, sector-specific frameworks)

9. Role Collaborators

  • Provides risk context to Blueprint Crafter (BC) for design risk mitigation
  • Reports risk status to Governance Compliance Auditor (GCA) for audit
  • Coordinates threat assessments with Anti-fact Mitigation Specialist (AMS)
  • Supplies risk metrics to SAFe Metrics Crafter (SMC) for dashboards

10. Role Adoption Checklist

  • AI risk register populated for all AI-enabled components
  • NIST AI RMF functions mapped to organizational processes
  • Risk appetite and tolerance levels defined and approved
  • Continuous monitoring infrastructure operational for high-risk systems
  • Threat modeling completed for all production AI systems