
Expert Advice Community


GRC and ISO 27001

Guest user Created:   Jan 10, 2019 Last commented:   Jan 10, 2019


I came across your blogs in 2018 while I was thinking of taking an ISO certification, as I am currently working on ITGC controls. I need some guidance from you with regard to this. I have 4 years of experience in ITGC controls. Currently I am giving interviews for the GRC domain. I want to enhance my skills in this area, but what I have worked on is a very small part of GRC. Could you please guide me on how to prepare for the interviews and which skills it is necessary to be accurate in? And is it necessary to have hands-on experience in whatever the interviewer asks?

Expert
Rhand Leal Jan 10, 2019

Answer:

ISO 27001 can support part of the Governance, Risk, and Compliance process, so to enhance your skills you also have to consider competencies related to COSO and COBIT.

Regarding interviews, the most important thing is not the questions themselves, but how you can demonstrate that you are capable of identifying business needs (e.g., by interviewing C-level personnel, analyzing documentation, etc.), translating them into objectives to be implemented and controlled (e.g., by means of strategic and operational plans), and ensuring such objectives are being fulfilled (e.g., by means of audits, management reviews, etc.). Providing examples of related activities you performed is a good way to show that, and this answers your third question (you need to have hands-on experience in this field, because the most valuable GRC personnel bring a lot of experience together with their formal knowledge).

These articles will provide you with further explanation about COSO, COBIT and Governance:
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/
- Should information security focus on asset protection, compliance, or corporate governance? https://advisera.com/27001academy/blog/2017/03/13/information-security-focus-asset-protection-compliance-corporate-governance/

This material will also help you regarding ISO 27001:
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
