Where the standards require a risk assessment ... someone needs to do it. Lots of people don't realize they need to. Lots of people don't want to hear that their product or process has non-zero risk (lawyers and government departments appear to have a big problem with this). Lots more know they need to do it, but don't know how. A few more people know how, but don't want to take the risk of misinterpreting or misjudging or of missing something completely (which are all facts of life when doing risk assessments). A few other people know how and can manage those risks. That's your opportunity.
The flipside of doing a risk assessment is that you have to tell people and companies that there is risk associated with their product or process. A lot of people and companies can't handle that.
Reality: There is no such thing as a complete risk assessment ... only varying degrees of incompleteness. They tend to evolve with time as we learn things. There are very few applications where someone will pay for, and has the time for, something that truly approaches a "complete" risk assessment. I have yet to see it ever happen. The reality is that there is a tradeoff between adequately covering reasonably foreseeable situations, and how much time and money the client is willing to put into it. The fact that we still encounter the occasional disaster involving man-made machines is evidence that we do not live in a perfect world.
Hindsight, of course, is 20/20. Who would have thought that a nuclear plant in a geographic area prone to off-shore earthquakes would have a common-cause failure of the systems designed to protect it?