I'm currently help desk/systems administrator for a non-profit. I keep failing at tech based interviews b/c I'm not very technical. I'm not good at math or programming and I don't have a finance background...
However, as one of the youngest members of the organization, I understand technical systems enough that I can get across new IT policies to all different types of end users pretty easily (this includes teachers, doctors, and priests) This skill has made me wonder if perhaps a career in Governance, Risk, and Compliance would be perfect for me. After spending five years yelling at people to click on the right buttons. It sounds like a dream to push papers, write reports, and sit in meetings while people discuss said reports.
Thing is. I have no idea where to start. If I get the GRCP Certificate is that all that is required to open doors? My organization hires outside auditors so perhaps I can speak to them but they only show up once a year and barely talk to IT. We have a legal person who usually deals with this stuff, and that's the only person who deals with this stuff. I can't really ask her for advice b/c she doesn't want me to leave the organization so she won't help. So I have no network in this area. My dream would be to either work at a big social media company like Facebook, Spotify, or Twitter, or some type of government agency like the UN or State Dept.
There are many areas of risk management, not just InfoSec. You would be managing risk if you worked in wide variety of fields; health and safety, facilities, fraud management, credit management, public health, business continuity etc. And to manage risk at an enterprise level you'd need to get used to working with managers in other business functions.
Your first step is to volunteer, either within your current organisation, another non profit or industry body to contribute to some of the sort of work you would like to be doing. You could even explore project management as a means to get experience of managing people; the advantage being that if you find you don't like managing people so much, that projects are a temporary organisation and come to an end.