GRC Analyst

For governance, risk, policy, audits, and security program work. Target role: Risk, audit, compliance. Expected timeline: 2-5 months.

Security+, CRISC, CISA, CISSP later25+ resourcesGRC

Study sequence

Weeks 1-2: risk and control vocabulary
Weeks 3-4: NIST CSF and CIS Controls
Month 2: evidence, policies, and audit workflow
Month 3+: SOC 2, ISO 27001, and business reporting

Portfolio projects

Risk register
Control mapping worksheet
Security policy sample
Audit evidence request checklist

Matched resources

NIST NICE FrameworkNIST · Beginner · Free NIST Cybersecurity FrameworkNIST · Intermediate · Free CISA Cybersecurity ResourcesCISA · Beginner · Free CIS Critical Security ControlsCIS · Intermediate · Free FAIR InstituteFAIR Institute · Intermediate · Free ISO/IEC 27001ISO · Intermediate · Free