GRC roadmap

Governance, risk, compliance, policies, audits, and security programs. Map controls to business risk; learn evidence collection and audit readiness.

0 courses6 resourcesGRC analyst

Step-by-step path

Risk vocabulary and security controls
NIST CSF, CIS Controls, ISO 27001
Evidence collection, audit prep, and policy writing
Build a portfolio artifact and publish a short writeup.

Starter stack

RiskISO 27001SOC 2Policy

Free: NIST CSF Paid: SANS management courses

Best next resources

NIST NICE FrameworkNIST · Free NIST Cybersecurity FrameworkNIST · Free CISA Cybersecurity ResourcesCISA · Free CIS Critical Security ControlsCIS · Free FAIR InstituteFAIR Institute · Free ISO/IEC 27001ISO · Free