Cal J Hudson

@caljhud

16 Tweets 2 reads Aug 01, 2023
Do you love the idea of cyber security, but wish there was a less technical path available?
Introducing... Governance, Risk and Compliance!
Here’s all you need to know 👇
1/ What is it?
2/ What roles exist?
3/ What skills / exp do I need?
4/ What's the day-to-day like?
1/ What is it?
GRC refers to the processes and policies that orgs put in place to manage and mitigate the risks associated with their use of technology.
Simple enough, right?
GRC includes ensuring compliance with relevant laws and regulations, identifying and assessing potential threats, implementing controls to prevent or respond to incidents, and continuously monitoring and improving the overall effectiveness of the org’s cybersecurity program.
Governance
It’s the overall management and oversight of an org’s cybersecurity program.
Think policies, standards, and procedures for protecting sensitive information and systems, while maintaining the availability, integrity, and confidentiality of data.
Risk Management
It’s the process of identifying, assessing, and prioritising potential security threats to an org, and then implementing controls to mitigate or prevent those risks.
In theory – easy
In practice – not so easy
Compliance
Ensuring rules and regs are followed to protect sensitive info and systems from unauthorised access, use, disclosure, disruption, modification, or destruction.
Examples:
- GDPR in the EU
- HIPAA in the US
- PCI DSS for businesses that accept credit card payments
2/ How does this translate to roles in GRC?
Here are a few examples of job titles that may be associated with this area (non-exhaustive):
- Security Governance Analyst
- Security Risk Management Analyst
- Security Compliance Analyst
- Third Party Security Analyst
Here are more senior level roles in GRC:
- Information Security Officer
- Information Security Manager
- IT Compliance Officer
- Data Privacy Officer
3/ What skills and experience do I need?
For entry-level folk:
A degree in cybersecurity or a related field is preferred, but not required.
Baseline certs: Security+ or SSCP (mini-CISSP)
Practical experience: if you can’t get an internship, make your own 👇
For those looking to advance further in their GRC career:
CISSP / CISM are the Gold Standard for you!
4/ What is the day-to-day like?
To set expectations, you will live in Word, PowerPoint and spreadsheets.
Most of your job will be writing policies and auditing controls (asking the technical people to show you that policies have been applied).
Strong communication skills are crucial for explaining why certain controls are required.
Make no mistake... GRC is vital for driving the improvement of an org’s cyber security posture.
Will I get stuck in GRC?
Absolutely not.
If you want to grow into a more technical role, you’ll bring a skillset that others lack. Once you’re up to speed, you’ll be seen as a Unicorn with dual-skillsets!
Stacking years of exp in GRC will help you land other roles in future.
In my opinion it’s the best place for a non-techie to start and I couldn’t recommend it highly enough.
It’s where I started and it helped me transition from Business Management to the world of Cyber Security.
If you found this valuable, I'd greatly appreciate a Like / RT.
It signals to me what type of content is useful to you.
If you'd like to discuss more, visit the Calpha Community Discord 👍
Have a great day!
P.S. If you want to get started, or go further in your cyber security career, you'll love my weekly newsletter (it's free).
1 job hunting tip every week to help you land your dream role.
Link here: calpha.beehiiv.com