I’m looking to start a career in GRC. Been searching a bunch of different things (e.g. cybersecurity internal audit, GRC analyst, cyber audit, risk analyst, etc.) but everything that’s coming up is mid-senior positions, manager positions, etc.

  • Nomecks
    4 months ago

    They’re America-specific, but every region will have similar frameworks. ISO27001 is worldwide, I believe.

    • hellofriend@lemmy.worldOP
      4 months ago

      I’ve actually just done a bit of digging on it and it seems that CISSP is used in Canada, so I might pull the trigger on that. I’m also considering Unixguy’s GRC Mastery course. Happen to know anything about it? I don’t think it counts as a certification proper, but it might be good to show employers what I’m interested in and that I’ve already put in some work.

      • Nomecks
        4 months ago

        You need five years of experience in cybersecurity, or sponsorship from another CISSP to get certified. NIST and ISO are followed by lots of companies, and ISA-62443 is a big one for OT cyber.

        • hellofriend@lemmy.worldOP
          4 months ago

          Guess I shoulda done more digging lol. Thanks for the help. Btw, do you know much about PECB’s courses? They have some ISO stuff that’s GRC specific, might look into it.