Risk analysis is part of the initial information security work, because knowing the risks means you know what you have to protect.
But you, who already work in IT and even in your personal life, already carry out risk analysis on a daily basis.
To work on information security, you will need to adjust a few things.