Can you become an Information Security GRC Manager without a degree?

An alternative career path to becoming an Information Security GRC Manager with its major challenges, possible benefits, and some unconventional ways to hack your way into it.

3 min read · Dec. 6, 2023

Yes, it is possible to become an Information Security Governance, Risk, and Compliance (GRC) Manager without a degree. While having a degree can be beneficial and may provide a competitive edge, it is not always a strict requirement for this role. Many employers in the cybersecurity field prioritize skills, experience, and certifications over formal education.

How to achieve this career goal without a degree:

  1. Gain relevant experience: Start by gaining practical experience in the field of cybersecurity and information security. Look for entry-level positions such as security analyst, risk analyst, compliance analyst, or IT auditor. This will help you develop a strong foundation and understanding of the industry.

  2. Acquire industry certifications: Earning industry-recognized certifications can help compensate for the lack of a degree. Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Information Privacy Professional (CIPP) are highly regarded in the field of information security and GRC.

  3. Develop a strong skill set: Focus on developing the necessary skills required for an Information Security GRC Manager. These skills include risk assessment and management, compliance management, policy development, security auditing, and project management. Continuously update your knowledge and skills by attending workshops, conferences, and online training courses.

  4. Network and build relationships: Networking is crucial in any career, and the cybersecurity field is no exception. Attend industry events, join professional associations, and connect with professionals in the GRC field. Building relationships can lead to opportunities, mentorship, and valuable insights.

  5. Showcase your expertise: Create a strong professional online presence by sharing your knowledge and insights through blogging, contributing to industry forums, and participating in relevant discussions on social media platforms. This will help establish your credibility and increase your visibility within the industry.

Hacks and advice:

  • Leverage your existing experience: If you have experience in a related field such as IT, risk management, or compliance, highlight the transferable skills and knowledge that can be applied to the GRC role. Emphasize your ability to understand and navigate complex regulatory frameworks.

  • Seek out internships or volunteer opportunities: Consider internships or volunteer positions in information security or GRC departments. These opportunities can provide hands-on experience and help you build a network of professionals in the field.

  • Continuous learning: Stay up to date with the latest trends, technologies, and regulations in the information security and GRC domains. Dedicate time to self-study and engage in continuous learning through online courses, webinars, and industry publications.

Potential difficulties:

  • Lack of formal credentials: Without a degree, you may face challenges in certain organizations that prioritize formal education. However, many employers in the cybersecurity field value practical skills and experience over degrees.

  • Initial entry-level positions: Starting from entry-level positions may be necessary to gain the required experience and skills. Be prepared to work your way up and demonstrate your abilities through practical experience and certifications.

Benefits and differences to a conventional or academic path:

  • Practical skills and experience: The advantage of a non-conventional path is that you can focus on acquiring practical skills and experience directly related to the GRC role. This hands-on experience can often be more valuable than theoretical knowledge gained through a degree.

  • Flexibility and agility: Without the constraints of a conventional academic path, you have the freedom to pursue certifications, gain experience, and build a strong professional network at your own pace. This flexibility allows you to adapt to the rapidly evolving cybersecurity landscape.

  • Cost and time savings: Pursuing a degree can be time-consuming and expensive. By focusing on certifications and practical experience, you can potentially save both time and money while still building a successful career in Information Security GRC.

While a degree can be beneficial, it is not an insurmountable barrier to becoming an Information Security GRC Manager. By gaining relevant experience, acquiring certifications, developing a strong skill set, networking, and showcasing your expertise, you can successfully pursue this career path without a degree.
