cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Firoj
Viewer

Move from Help Desk to Governance, Risk, and Compliance?

I'm currently help desk/systems administrator for a non-profit. I keep failing at tech based interviews b/c I'm not very technical. I'm not good at math or programming and I don't have a finance background...

However, as one of the youngest members of the organization, I understand technical systems enough that I can get across new IT policies to all different types of end users pretty easily (this includes teachers, doctors, and priests) This skill has made me wonder if perhaps a career in Governance, Risk, and Compliance would be perfect for me. After spending five years yelling at people to click on the right buttons. It sounds like a dream to push papers, write reports, and sit in meetings while people discuss said reports.

Thing is. I have no idea where to start. If I get the GRCP Certificate is that all that is required to open doors? My organization hires outside auditors so perhaps I can speak to them but they only show up once a year and barely talk to IT. We have a legal person who usually deals with this stuff, and that's the only person who deals with this stuff. I can't really ask her for advice b/c she doesn't want me to leave the organization so she won't help. So I have no network in this area. My dream would be to either work at a big social media company like Facebook, Spotify, or Twitter, or some type of government agency like the UN or State Dept.

 
2 Replies
rslade
Influencer II

> Firoj (Viewer) posted a new topic in Governance, Risk, Compliance on 12-03-2020 02:02 PM in the (ISC)² Community :

> This
> skill has made me wonder if perhaps a career in Governance, Risk, and
> Compliance would be perfect for me.

OK, first you have to get some management experience. *Any* kind of
management experience.

Fortunately, you work for a non-profit. That means you have some contacts in
the volunteer world. And volunteer orgs are *always* looking for people to take
on a project. Even if you have to do it as a volunteer. Get a few years of
experience there, and then you can tune your resume to get into a real
management job. Then you're on your way.

> So I have no network in this area.

Again, you've got volunteer contacts. They can be your network. Probably better
than trying to find a mentor in orgs that have a more competitive nature.

> My dream would be to either work at a big
> social media company like Facebook, Spotify, or Twitter, or some type of
> government agency like the UN or State Dept.

First things first. Get into some management work, and then into management at
a smaller org, and then climb orgs.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Books are a uniquely portable magic. - Stephen King
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Steve-Wilme
Advocate II

There are many areas of risk management, not just InfoSec.  You would be managing risk if you worked in wide variety of fields; health and safety, facilities, fraud management, credit management, public health, business continuity etc.  And to manage risk at an enterprise level you'd need to get used to working with managers in other business functions.

 

Your first step is to volunteer, either within your current organisation, another non profit or industry body to contribute to some of the sort of work you would like to be doing.  You could even explore project management as a means to get experience of managing people; the advantage being that if you find you don't like managing people so much, that projects are a temporary organisation and come to an end.  

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS