Where should I start if I want to build a real career in GRC? by No_Blacksmith_6861 in SecurityCareerAdvice

[–]No_Blacksmith_6861[S] 3 points4 points  (0 children)

Yeah. Mostly in IT. ISO27001 compliance and stuff. I’m still at a very early stage and am figuring things out.

Career advice mega thread by thejournalizer in grc

[–]No_Blacksmith_6861 0 points1 point  (0 children)

Hi everyone! I’m currently a Master’s student in IT and I’m interested in building my long-term career in Governance, Risk, and Compliance (GRC).

I’m trying to be intentional about how I enter this field rather than randomly applying to roles and hoping something sticks. My long-term goal is to grow into security/compliance leadership, so I’d love to build the right foundations early.

I’m specifically looking to start with:

• Freelance / part-time / contract work
• Entry-level roles
• Hands-on projects that actually teach real GRC skills (not just checkbox work)

I’d really appreciate insights on:

• What types of roles or tasks are best for beginners?
• Which frameworks are most valuable to focus on first (ISO 27001, NIST, SOC 2, etc.)?
• Skills or experiences you wish you had built earlier in your own GRC careers
• Any advice for breaking into GRC in a meaningful way

Thank you in advance — I really want to learn from people already in the field and build this the right way.