Hello Folks,
I’m thrilled to join this community and eager to learn from professionals in the cybersecurity and GRC space.
I’m currently halfway through the ISC2 Certified in Cybersecurity (CC) Foundation program and preparing to book my exam soon. Since this program is freely offered, I wanted to hear your thoughts on its relevance to a GRC career:
With the CC certification, would I be well-positioned to start as a GRC analyst, or are there additional certifications, skills, or experience I should focus on?
What are the best entry paths into GRC, especially for someone looking to break into the field?
Are there any valuable resources, mentorship opportunities, or industry trends I should pay close attention to?
I’d appreciate any insights or advice you can share, and I look forward to engaging with and learning from this community.
Best regards,
Murray Lichoro
Hi Murray
Good on you for working towards your certification.
In my opinion, the CC certification certainly can put you onto the path as a GRC analyst, but if I was hiring, I would be a bit more interested in your familiarity with whatever compliance/governance I was dealing with. Keep in mind, I would not expect you to be an expert, but I might want to know what your knowledge regarding NIST or PCI DSS is (for example).
So, I guess my recommendation is when you get to the point you are interviewing for a position, research the company. Try to get a handle on what compliance or governance they might be struggling with. Then research those models. At a minimum it shows you are willing to self-start and find answers.
Hope that helps.
Cheers
Tim