How to get into GRC

Submitted by Style Pass, 2024-11-30 21:00:07

One of the common questions that I get from people who DM me on LinkedIn and on the GRC subreddit is how someone could get into Governance, Risk, and Compliance (GRC). I thought I would write up my thoughts on it.

When I talk about GRC, I am mostly referring to GRC in the IT/Security/Cyber space because that’s what I know best. A lot of what I recommend comes from my own experiences, so it might not apply to everyone.

And a big thanks to my friends for reading the first draft and giving me feedback, especially Ritesh Kini for letting me share his comments.

Honestly, it’s quite difficult to get directly into a GRC role as a beginner. You need some sort of IT experience to be valuable in a GRC team.

I would like to add shadowing others already in GRC to get early exposure to auditing. Most managers are cool with it and it allows you to build a relationship with GRC management. It ups your chances of moving into an open role.

One other way to get into GRC, especially in an India context, is to work with GRC tool vendors and learn about the space doing implementations, supporting projects and then over a period of time getting that ‘light-bulb moment’ of – oh, this is how it all comes together.
