Working knowledge of risk frameworks and governance approaches: e.g., NIST 800-53/63, ISO 27001/27002, FFIEC expectations; three lines of defense model; issue/exception management
Strong written communication skills: policy drafting, risk narratives, control design, audit responses
Analytical skills: define KRIs/KCIs/KPIs, interpret trends, and present data-driven recommendations