Move from Help Desk to Governance, Risk, and Compliance?
I'm currently help desk/systems administrator for a non-profit. I keep failing at tech-based interviews b/c I'm not very technical. I'm not good at math or programming and I don't have a finance background...
However, as one of the youngest members of the organization, I understand technical systems enough that I can get across new IT policies to all different types of end users pretty easily (this includes teachers, doctors, and priests). This skill has made me wonder if perhaps a career in Governance, Risk, and Compliance would be perfect for me. After spending five years yelling at people to click on the right buttons, it sounds like a dream to push papers, write reports, and sit in meetings while people discuss said reports.
Thing is, I have no idea where to start. If I get the GRCP Certificate, is that all that is required to open doors? My organization hires outside auditors, so perhaps I can speak to them, but they only show up once a year and barely talk to IT. We have a legal person who usually deals with this stuff, and that's the only person who deals with this stuff. I can't really ask her for advice b/c she doesn't want me to leave the organization, so she won't help. So I have no network in this area. My dream would be to either work at a big social media company like Facebook, Spotify, or Twitter, or some type of government agency like the UN or State Dept.
> Firoj (Viewer) posted a new topic in Governance, Risk, Compliance on 12-03-2020 02:02 PM in the (ISC)² Community:
> This skill has made me wonder if perhaps a career in Governance, Risk, and Compliance would be perfect for me.
OK, first you have to get some management experience. *Any* kind of management experience.
Fortunately, you work for a non-profit. That means you have some contacts in the volunteer world. And volunteer orgs are *always* looking for people to take on a project. Even if you have to do it as a volunteer. Get a few years of experience there, and then you can tune your resume to get into a real management job. Then you're on your way.
> So I have no network in this area.
Again, you've got volunteer contacts. They can be your network. Probably better than trying to find a mentor in orgs that have a more competitive nature.
> My dream would be to either work at a big social media company like Facebook, Spotify, or Twitter, or some type of government agency like the UN or State Dept.
First things first. Get into some management work, and then into management at a smaller org, and then climb orgs.
There are many areas of risk management, not just InfoSec. You would be managing risk if you worked in a wide variety of fields: health and safety, facilities, fraud management, credit management, public health, business continuity etc. And to manage risk at an enterprise level you'd need to get used to working with managers in other business functions.
Your first step is to volunteer, either within your current organisation, another non-profit or industry body, to contribute to some of the sort of work you would like to be doing. You could even explore project management as a means to get experience of managing people; the advantage being that if you find you don't like managing people so much, projects are a temporary organisation and come to an end.
----------------------------------------------------------- Steve Wilme CISSP-ISSAP, ISSMP MCIIS