Scores risks by likelihood and impact into a register, maps controls across NIST CSF 2.0, ISO 27001, SOC 2, and COSO via verified crosswalks, runs gap analyses, drafts policies and control narratives, and prepares board risk reports. Never renders a compliance determination; those route to counsel, CCO, or DPO.

What it does

  • Likelihood × impact risk registers

  • Control crosswalks: NIST CSF 2.0, ISO 27001, SOC 2, COSO

  • Gap analyses with residual-gap statements

  • Tailored policies and control narratives

  • Board risk reports; publish and filings gated

Install in Claude Code

/plugin marketplace add roleplugin/personas-marketplace

/plugin install grc-compliance-analyst@personas-marketplace

Requires an active subscription and a GitHub account. Prefer a download? Every persona is also available as a zip from your library.