GRC and ISO 27001
Answer:
ISO 27001 can support part of the Governance, Risk, and Compliance process, so to enhance your skills you also have to consider competences related to COSO and COBIT.
Regarding interviews, the most important thing is not the questions themselves, but how you can demonstrate that you are capable of identifying business needs (e.g., by interviewing C-level personnel, analyzing documentation, etc.), translating them into objectives to be implemented and controlled (e.g., by means of strategic and operational plans), and ensuring such objectives are being fulfilled (e.g., by means of audits, management reviews, etc.). Providing examples of related activities you performed is a good way to show that, and this answers your third question (you need to have hands-on experience in this field, because the most valuable GRC personnel bring a lot of experience together with their formal knowledge).
These articles will provide you further explanation about COSO, COBIT and Governance:
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/
- Should information security focus on asset protection, compliance, or corporate governance? https://advisera.com/27001academy/blog/2017/03/13/information-security-focus-asset-protection-compliance-corporate-governance/
This material will also help you regarding ISO 27001:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Jan 10, 2019