Can we have multiple rulesets for one organization? If yes then how can we assign a rule set to an AFM profile? 

Release : 9.1

Symantec Risk Authentication

Risk Authentication product has capability to create multiple rule sets for an Organization but at a given time only one Ruleset can be ACTIVE. Unfortunately there is no way to pass the Rulesets in API call or through the AFM profile and this is a limitation in the product. If this feature is critical for your Organization then please create an Enhancement Request and engage with the Account team who can talk to Product management and provide feedback.

Creating Ruleset in Risk Authentication