Traditionally, cyber GRC (governance, risk, and compliance) was managed by IT teams or compliance specialists alongside their numerous other responsibilities, with varying levels of success and efficiency. However, with regulations increasing in number and networks becoming larger and more complex, that’s no longer a satisfactory solution.
I’m glad to see more and more companies establishing cyber GRC teams, but they need to know what roles to include and which skills to look for, while job seekers need to know how to position themselves for success.
Key Roles for Your Cyber GRC Team
The exact roles within your cyber GRC team will depend on a number of factors. It’s not just about the size of your team and your organization, but also its complexity in terms of business units and geographies, the types of tech and infrastructure it uses, and the nature of the regulatory landscape within which it operates.
That said, every cyber GRC team needs four key roles: GRC lead, compliance analyst, cyber security analyst, and risk analyst. In larger organizations, you might build out the last three roles into full teams for cybersecurity, risk, and compliance analysis. Here’s…
