Careers in Governance, Risk & Compliance

IT Service Management
What you should be aware of

IT Service Delivery               Availability Management   Service Asset Management
IT Service Support                Capacity Management       Configuration Management
ITIL Framework                    Change Management         Service Catalogue Management
ITIL Processes                    Demand Management         Service Design
ITIL Best Practices               Event Management          Service Desk
Supplier Management               Financial Management      Service Level Management
Access Management                 Incident Management       Service Operation
ITIL Metrics                      Technology Management     Service Portfolio Management
Quality Management                Problem Management        Service Strategy
Supplier Management               Problem Management        Service Transition
IT Service Continuity Management  Release Management        Continual Service Improvement
Information Security Management   Deployment Management     Request Fulfilment

Suggested certifications:  ITIL, ISO 20000
Certifying organizations:  APMG, IRCA


Information Systems Audit
What you should be aware of

IS Acquisition and Development    BCP / DR                        IT Architecture
IS Implementation and Operations  Business Impact Analysis        IT Strategy
IS Maintenance and Support        Data Backup / Storage           IT Policy
IS Audit Requirements             Database Administration         IT Procedures
Sampling Methodologies            System Resilience               IT Standards
Audit Framework                   Logical Access Controls         IT Governance
Audit Project Management          Physical Access Controls        Internal Controls
Audit Report                      Encryption                      Risk Assessment
Quality Assurance                 Public Key Infrastructure       Enterprise Risk Management
Service Level Management          Security Protocols              Maturity Models
Third Party Compliance            Network and Internet Security   Process Optimization
Protection of Information Assets  Patch Management                IT Service Management

Suggested certifications:  ITIL, CISA
Certifying organizations:  APMG, ISACA


Governance, Risk & Compliance
What you should be aware of

Governance Framework          IT Governance Controls              Risk Identification
Control Objectives            IT Governance Implementation        Risk Classification
Control Practices             IT Governance Model                 Risk Assessment
Internal Controls             ITGC Audit                          Risk Analysis
Control Models                ITIL Framework                      Risk Mitigation
Controls Self Assessment      ISO 20000 Process                   Risk Control Matrix
Response Strategy             ISO 27001 Process                   Risk Identification
COBIT Framework               Process Capability                  Monitoring
SOX Requirements              Process Controls                    Performance Measurement
Attestation Standards         Process Governance                  Balanced Scorecard
IT Service Management         Process Optimization                Maturity Models
Enterprise Risk Management    Continual Improvement of IT Value   CMMI

Suggested certifications:  ITIL, CISA, COBIT, CRISC
Certifying organizations:  APMG, ISACA


For specific information on the various certifications and their prerequisites, visit our training synopsis on Governance, Risk & Compliance.

The first step to choosing a career in Governance, Risk & Compliance (GRC) is to determine the area of interest.

  • Do you want to focus on information systems audit?
  • Or is your interest more in quality and service management?
  • Or in implementing IT controls to manage processes?
  • Or perhaps in working as a risk management professional responsible for ERM?
  • Or as a BCMS consultant who implements international standards such as ISO 22301?

Certifications can be a great help, since you will learn a lot about GRC and also validate your knowledge of the domain.

Those interested in GRC should pursue certifications that will help them gain skills in defining IT controls, auditing information systems and processes, and managing business risk across the enterprise.

Entry-level certifications such as the Information Technology Infrastructure Library (ITIL) certification from the APM Group (APMG), the Official Accreditor of the Office of Government Commerce, UK, will help provide a good foundation in process and service management guidelines.

The Information Systems Audit and Control Association (ISACA) offers training and certifications for those interested in auditing. Its Certified Information Systems Auditor (CISA) certification is one of the most popular certifications for auditors.

For those interested in more specific IT governance certifications, ISACA, in association with the Information Technology Governance Institute (ITGI), has certifications like Control Objectives for Information & related Technology (COBIT).

ISACA also has the Certified in Risk and Information Systems Control (CRISC), a certification for those responsible for managing business risk for enterprises and capable of implementing appropriate IS controls.

A good understanding of how to implement international standards such as ISO 20000 for Information Technology Service Management, BS 25999 for Business Continuity Management Systems, and PCI DSS (Payment Card Industry Data Security Standard) is considered quite important for those aspiring to a career in GRC.
