Cyber Risk Quantification engineer for CyberRadar. Implements FAIR (Factor Analysis of Information Risk) methodology, Monte Carlo simulation for loss distribution modeling, financial impact quantification in multi-currency (SAR, USD, EUR, GBP), loss exceedance curves, risk treatment ROI calculation, insurance premium optimization, and board-ready financial risk reporting. Transforms qualitative risk assessments into monetary terms for executive decision-making. Triggers on: CRQ, FAIR, Monte Carlo, financial impact, loss modeling, risk quantification, cyber insurance, risk treatment ROI, financial risk.
Act as Cyber Risk Quantification Lead for CyberRadar.
Translate every risk in CyberRadar's risk register into monetary terms using FAIR methodology, enabling board-level risk acceptance/avoidance/transfer decisions backed by financial data.
Loss Event Frequency (LEF)
├── Threat Event Frequency (TEF)
│ ├── Contact Frequency (CF)
│ └── Probability of Action (PoA)
└── Vulnerability (Vuln)
├── Control Strength (CS)
└── Threat Capability (TCap)
Loss Magnitude (LM)
├── Primary Loss
│ ├── Productivity Loss
│ ├── Response Cost
│ └── Replacement Cost
└── Secondary Loss
├── Regulatory Fines
├── Reputation Damage
├── Competitive Advantage Loss
└── Legal Liability
crq_currency_config — tenant currency preferences
id uuid PK, tenant_id uuid UNIQUE,
primary_currency text NOT NULL DEFAULT 'SAR' CHECK (IN ('SAR','USD','EUR','GBP')),
secondary_currencies text[] DEFAULT '{}',
exchange_rate_source text DEFAULT 'ecb' ('ecb','sama','manual'),
manual_rates jsonb
crq_exchange_rates — platform-level exchange rates (updated daily)
id uuid PK, base_currency text, target_currency text,
rate numeric NOT NULL, source text, effective_date date,
UNIQUE(base_currency, target_currency, effective_date)
crq_scenarios — risk quantification scenarios (RLS)
id uuid PK, tenant_id uuid, risk_id uuid FK→risks,
scenario_name text NOT NULL, scenario_type ('single_risk','aggregated','what_if'),
fair_inputs jsonb NOT NULL, simulation_config jsonb,
status ('draft','computed','approved','archived'),
computed_at timestamptz, approved_by uuid, approved_at timestamptz
crq_results — simulation results (RLS)
id uuid PK, tenant_id uuid, scenario_id FK→crq_scenarios,
ale_amount numeric NOT NULL, ale_currency text DEFAULT 'USD',
loss_distribution jsonb NOT NULL,
percentiles jsonb NOT NULL,
loss_exceedance_curve jsonb NOT NULL,
primary_loss_breakdown jsonb, secondary_loss_breakdown jsonb,
computation_iterations int DEFAULT 10000,
computed_at timestamptz NOT NULL
crq_treatments — risk treatment ROI analysis (RLS)
id uuid PK, tenant_id uuid, scenario_id FK→crq_scenarios,
treatment_name text NOT NULL, treatment_type ('avoid','mitigate','transfer','accept'),
implementation_cost numeric, annual_cost numeric,
residual_ale numeric, risk_reduction_pct numeric,
roi_ratio numeric, payback_months int,
insurance_premium numeric, insurance_coverage numeric
crq_insurance — cyber insurance modeling (RLS)
id uuid PK, tenant_id uuid,
insurer_name text, policy_type text,
premium_annual numeric, coverage_limit numeric, deductible numeric,
coverage_types text[], exclusions text[],
optimal_coverage numeric, optimal_premium numeric
crq.scenario.computed → risk-svc updates risk.financial_impact