Dr. Iretioluwa Akerele, co-founder of CyBlak and a cybersecurity career coach and mentor, tweeted a compilation of the top skills required of a GRC analyst, aimed at professionals aspiring to excel in the field. Iretioluwa is a cybersecurity professional with over 8 years of experience in information security, data privacy, regulatory compliance, the implementation of security controls, and risk governance. She has demonstrated the ability to supervise and lead teams across different functions.
Her areas of specialization are privacy and identity management, incident response planning and testing, vulnerability and patch management, risk management, asset management, stakeholder management, security awareness training, cybersecurity governance, third-party management, intrusion detection, business continuity and disaster recovery, project management, quality assurance, security assessments, and policy formulation.
According to her tweet, she went through 55 GRC Analyst job descriptions (United Kingdom, United States of America, Canada, Nigeria, Ghana, and Ireland) and came up with ten (10) top skills that are required of a GRC Analyst. Some of the job titles seen in the job descriptions (JDs) are Information Security Officer, GRC Analyst, Information Security Analyst, Information Risk and Security Engineer, and Risk Analyst.
Here are the ten (10) most important skills required of a GRC analyst:
- Knowledge of best practice standards and frameworks: To build this knowledge, download the standard or framework you want to learn and practise applying it in an organization to sharpen your skills.
- Security Awareness and Training: Learn how to develop an awareness program (think about ways to share cybersecurity awareness using various methods: blogs, posters, virtual or physical training, quizzes, emails, etc.). Visit Wizer training and getgophish for additional content on learning security awareness.
- Policy Development and Compliance: Download information security policy templates from the SANS Institute and use them as a guide to create sample policies.
- Risk Management
- Third-party assurance
- Security Auditing
- Incident Response: Use the NCSC Exercise in a Box (free) to get familiar with real scenarios.
- GRC Tools: Download GRC tools and use them to get familiar with how such tools work.
- Data Privacy and Protection: Familiarize yourself with GDPR, NDPR, HIPAA, and the NIST Privacy Framework (depending on your location).
- Information Security Management: Implement information security controls using best practice standards and frameworks (see the first skill above).
She also attached some resources that can help people acquire the required skills.
The top five certifications seen in the job descriptions are:
- ISO 27001 LI, CISM, CRISC, CISSP, and CISA (note: most of these certifications require some years of experience).
- Other certifications seen in the JDs: ISO 22301 LI, ITIL, CompTIA Security+, CIPP, GSEC, GSNA, and GIAC.
The top standards and frameworks seen in the job descriptions are:
- US and Canada: NIST CSF, ISO 27001, HIPAA, PCI DSS, SOC 1, SOC 2, COBIT, SOX, CI
- Other Countries: NIST CSF, ISO 27001, PCI DSS, SOC 2, GDPR, NDPR, COBIT, CIS
By going through the training and certifications, you gain confidence and can demonstrate to organizations and customers that you have a basic understanding of, and expertise in, the work of a GRC analyst. You can also gain hands-on experience through internships.
Finally, here are the top soft skills seen in the JDs: critical thinking, problem-solving, communication skills, stakeholder management, adaptability, presentation skills, attention to detail, time management, analytical skills, collaboration, and reporting skills.
For more information, visit www.akereleiretioluwa.com.
Article source: Dr Iretioluwa Akerele (@ireteeh)
Published and modified by: Ndaman Joshua Olayinka, Editor, Yinksmedia