Career Development Plan Template

Author

Steve McMichael
April 22, 2024

So you want to become a GRC Analyst?

Awesome! Here’s a free Career Development Plan template full of resources that I think you’ll find helpful.

It’s the best-of-the-best I’ve discovered in my mid-career transition to GRC, broken into Harvard’s recommended ratio to grow yourself faster of:

  • 10% Education

  • 20% Relationships

  • 70% Experiences

This template format and the menu of resources inside it would also be helpful to a broad range of other target job areas and career stages.

Your Career Plan: Cybersecurity GRC

What are specific steps you can take to break into Cybersecurity Governance Risk & Compliance?

www.cpatocybersecurity.com/p/your-career-plan

Table of Contents

TARGET JOB

1-2 years

GRC Analyst

3-4 Years

GRC Manager

SKILL ASSESSMENT

Rate your current skill level on a scale from 1 (weakest) to 5 (strongest)

TECHNICAL COMPETENCIES

Compliance & Audit (CISA Domains)

Trust but verify. Are we provably compliant?

  • Domain 1. Information Systems (IS) Auditing Process

  • Domain 2. Governance & Management of IT

  • Domain 3. IS Acquisition, Development & Implementation

  • Domain 4. IS Operations & Business Resilience

  • Domain 5. Protection of Information Assets

Assess Risk (CISSP Domains)

Is risk level within tolerance?

  • Domain 1. Security & Risk Management

  • Domain 2. Asset Security

  • Domain 3. Security Architecture and Engineering

  • Domain 4. Communication & Network Security

  • Domain 5. Identity & Access Management

  • Domain 6. Security Assessment & Testing

  • Domain 7. Security Operations

  • Domain 8. Software Development Security

Instill Governance

Does everyone know the company’s risk appetite, and make decisions aligned to it?

  • Policies

  • Procedures

  • Standards

Speak ‘Security’ With the Business

  • Cyber Risk Management Action Plan (CR-MAP)

  • Customer Security Assurance & Trust Center

ENABLING COMPETENCIES

Source: CPA Competancy Map, which applies perfectly to GRC and many other professions

Acting Ethically & Professionally

  • Ethical Behvaviour

  • Integrity & Trustworthiness

  • Questioning Mindset

  • Due Care

  • Objectivity

Leading

  • Strategic focus

  • Risk Management

  • Organizational Culture Advocacy

  • Influence and Consensus Building

Collaborating

  • Inclusivity

  • Teamwork

  • Relationship Building

  • Project Management

Managing Self

  • Adaptability, Resilience & Agility

  • Initiative

  • Continuous Improvement

  • Talent Management

Adding Value

  • Business Context

  • Creativity and Innovation

  • Performance Evaluation and Accountability

Solving Problems & Making Decisions

  • Issue Identification

  • Analysis

  • Recommendations

  • Implementation and Change Management

Communicating

  • Audience and effectiveness

  • Active Listening

  • Communication

ACTION PLAN

70% EXPERIENCES

Resume bullets to show you can add value from day 1

Hunt (e.g. ask a Mentor) for GRC Stretch Assignments:

  • Prepare for and manage an audit through planning, execution and reporting phases

    • Write a SOC2 System Description or ISO27001 Statement of Applicability

    • Check-in with control owners to document or update control narratives and test a sample

    • Manage a gantt chart and weekly status reports

  • Perform Third Party Risk Assessments

    • Review intake forms and work with requestor to complete risk assessment

    • Send questionnaires to the vendor and/or review their Trust Centre materials

  • Perform Security Risk Assessments

    • Meet with business requestors to fill out a Risk Assessment template and create a Data Flow Diagram

  • Create or review security policies and standards with subject matter experts

  • Run and report on an internal phishing campaign

Subscribe to keep reading

This content is free, but you must be subscribed to CPA to Cybersecurity to continue reading.

I consent to receive newsletters via email. Terms of Use and Privacy Policy.

Already a subscriber?Sign In.Not now