What Exactly is GRC?

GRC is the White Team of cybersecurity; I call us “The Peaceful Angels”. We’ve heard people say GRC is the non-technical side of cybersecurity, but that is not 100% true, sorry to disappoint you. There are technical aspects to GRC that make you stand out from the “regular” GRC professional, such as the use of data analytics tools, Active Directory, and performing some duties of both the Red and Blue teams to detect vulnerabilities and threats… and much more that sets you apart from others in this field.

Most importantly, when it comes to standing out, it is helpful but not essential to learn a programming language as a cybersecurity professional.

G- Governance. This stands for the general rules that facilitate the implementation of risk management, policies, compliance and frameworks… Governance provides the shield that gives investors, clients and business partners confidence in a business, and it contributes significantly to the overall GRC strategy and its implementation.

R- Risk. What is risk?? Define risk in your own terms first; then, risk in GRC is the process of identifying, assessing and mitigating potential threats and vulnerabilities within an organization. Identifying threats and vulnerabilities sounds like something a pen tester or ethical hacker should be involved in, yeah? As a risk professional, it’s your duty to identify and mitigate risks in your organization, because ignoring a risk may cost you a lot more than addressing it.

C- Compliance. Comply!!! Adhere to!!! Compliance in GRC means adhering to the set rules and regulations governing the tools, data and information you have access to. For personal data we have GDPR, which regulates the use and processing of individuals’ data; PCI DSS for card transactions; HIPAA for health record governance; SOX for finance; ISO 27001 for information security… and many more. If a company doesn’t comply with the regulations that apply to its industry, it gets fined a huge amount of money. As a compliance officer, it’s your duty to make sure your organization complies with its policies and the rules set for it.

Basics
> Introduction To Cybersecurity by Cisco, or any platform that works for you.
> Cybersecurity Essentials by CompTIA (not sure it’s still there, but studying ISC2 material will help)
> GRC crash course on Udemy

Intermediate Certifications
> CompTIA Security+
> CGRC

Advanced Certifications (some can only be taken if you have five or more years of experience)
> CISA
> CISM
> CRISC
> CISSP

Some Roles in GRC
> GRC Analyst
> IT Auditor
> Compliance Officer
> Policy Writer
> Risk Manager
> Compliance Analyst
> Risk Analyst, etc.

Transitioning from another career? You’ll have a soft landing in GRC. If you are a lawyer, you can work for law firms as a data privacy officer; from a science or health-related field, you can dive into working for health firms and understanding HIPAA; from banking, your knowledge of KYC/AML will help you a lot; as a data analyst, all your skills matter in this path. There are a lot of opportunities in GRC to explore; just ensure you have passion for what you’re doing.

What is interesting about this field is that you can apply to different roles even after picking a career path; just be sure you know how to perform in that role, tweak your CV towards it, and apply. With or without certification, you can succeed in this path.

Welcome to GRC!!!!
