I came across your blogs in 2018 while I was thinking of taking an ISO certification, as I am currently working on ITGC controls. I need some guidance from you with regard to this. I have 4 years of experience in ITGC controls. Currently I am giving interviews for the GRC domain. I want to enhance my skills in this area, but what I have worked on is a very small part of GRC. Could you please guide me on how to prepare for the interviews and which skills it is necessary to be accurate in? And is it necessary to have hands-on experience in whatever the interviewer asks?
ISO 27001 can support part of the Governance, Risk, and Compliance process, so to enhance your skills you also have to consider competences related to COSO and COBIT.
Regarding interviews, the most important thing is not the questions themselves, but how you can demonstrate that you are capable of identifying business needs (e.g., by interviewing C-level personnel, analyzing documentation, etc.), translating them into objectives to be implemented and controlled (e.g., by means of strategic and operational plans), and ensuring such objectives are being fulfilled (e.g., by means of audits, management reviews, etc.). Providing examples of related activities you performed is a good way to show that, and this answers your third question (you need to have hands-on experience in this field, because the most valuable GRC personnel bring a lot of experience together with their formal knowledge).