GOVERNANCE, RISK AND COMPLIANCE

GRC professionals are responsible for the development and implementation of policies that relate to risk management and compliance. Technically sound professionals with a profound understanding of the impact of cyber risks organizations these professionals provide oversight and development through leadership, direction and/or advocacy.  They develop, implement and audit standards of best practice concerning Governance, Risk and Compliance (GRC), Business Continuity (BC), Disaster Recovery Planning (DRP), Security Incident and Event Management (SIEM) or Identity and Access Management (IAM), to name but a few. In addition, they rely on interpersonal and strong communication skills to lead teams and projects to success.

Relevant certifications include

•    Certified Information Systems Security Professional (CISSP – ISC2)
•    Information Systems Security Management Professional (ISSMP – ISC2)
•    Certified Information Security Manager (CISM – ISACA)
•    Certified in Risk and Information Systems Control (CRISC – ISACA)
•    Certified Information Systems Auditor (CISA – ISACA)
•    Certified in Governance of Enterprise IT (CGEIT – ISACA)
•    CoBIT 5 Foundation, Implementation, Assessor (CoBIT 5 – ISACA)
•    GIAC Certified Systems and Network Auditor (GSNA – GIAC)
•    Certified Information Privacy Manager (CIPM – IAPP)
•    Certified Information Privacy Technologist (CIPT  – IAPP)
•    CompTIA Advanced Security Practitioner (CASP – CompTIA)

Relevant job titles

• Chief Executive Officer (CEO)
• Chief Information Security Officer (CISO)
• Chief Information Officer (CIO)
• Chief Security Officer (CSO)/ Security Officer
• Chief Technology Officer (CTO)
• General Counsel
• IT Director
• Security Operations Center (SOC) Manager
• Risk Auditor
• Risk Advisor
• Business Unit Manager