I’m looking to start a career in GRC. Been searching a bunch of different things (e.g. cybersecurity internal audit, GRC analyst, cyber audit, risk analyst, etc.) but everything that’s coming up is mid-senior positions, manager positions, etc.

  • hellofriend@lemmy.world (OP)
    4 months ago

    No certs as of current. Trying to figure out if there’s even an entry-level pathway available before I dump more money into education. NIST and ISA: are these international certs or America specific? The latter won’t help me much unless I get a remote job. As for regulations, that should be easy enough. I’m already good at research, so.

    • Nomecks@lemmy.ca
      4 months ago

      They’re America specific, but every region will have similar frameworks. ISO27001 is worldwide I believe.

      • hellofriend@lemmy.world (OP)
        4 months ago

        I’ve actually just done a bit of digging on it and it seems that CISSP is used in Canada, so I might pull the trigger on that. I’m also considering Unixguy’s GRC Mastery course. Happen to know anything about it? I don’t think it counts as a certification proper, but it might be good to show employers what I’m interested in and that I’ve already put in some work.

        • Nomecks@lemmy.ca
          4 months ago

          You need five years of experience in cybersecurity, or sponsorship from another CISSP to get certified. NIST and ISO are followed by lots of companies, and ISA-62443 is a big one for OT cyber.

          • hellofriend@lemmy.world (OP)
            4 months ago

            Guess I shoulda done more digging lol. Thanks for the help. Btw, do you know much about PECB’s courses? They have some ISO stuff that’s GRC specific, might look into it.