Compliance Analyst (GRC)

Master Governance, Risk, and Compliance. Learn security frameworks, risk assessment methodologies, and how to build an audit-ready compliance program.

📚 4 topic areas🔗 12 curated resources📝 10 quiz questions

What you'll cover

Security Frameworks

Understand the major security frameworks: NIST CSF, ISO 27001, SOC 2, PCI DSS, and CIS Controls.

🔗

NIST Cybersecurity Framework 2.0

The most widely-adopted cybersecurity framework globally

🔗

ISO 27001 Overview

International standard for information security management

🔗

SOC 2 Explained

AICPA guide to SOC 2 Trust Service Criteria

Risk Assessment

Identify, analyze, and prioritize risks using qualitative and quantitative methods.

🔗

NIST Risk Management Framework (RMF)

Structured process for managing information security risk

🔗

FAIR Risk Quantification

Factor Analysis of Information Risk — quantitative risk model

🔗

ENISA Threat Landscape

EU Agency for Cybersecurity annual threat landscape report

Audit Preparation

How to prepare for and survive security audits: evidence collection, control testing, and gap assessments.

🔗

ISO 27001 Audit Checklist — IT Governance

Practical ISO 27001 audit preparation checklist

🔗

SOC 2 Audit Preparation Guide

Step-by-step SOC 2 readiness guide

🔗

CIS Controls Self-Assessment Tool

Free tool to measure your CIS Controls implementation

Policy Writing & Reporting

Write effective security policies and create board-level GRC reports that drive decisions.

🔗

SANS Security Policy Templates

Free security policy templates from SANS

🔗

How to Write a CISO Report for the Board

ISACA guide on board-level security reporting

📄

Microsoft Security Copilot for GRC

AI-assisted compliance and risk reporting

Knowledge Check

Path Summary

Level: Beginner
Estimated time: 9 hours
Topics: 4
Resources: 12
Quiz questions: 10
Passing score: 70% (7/10)

Take the Quiz

Browse all paths

View all 10 paths →