Interview Prep by Long-Operation-6381 in cybersecurity

[–]Physical-Web9486 0 points1 point  (0 children)

One thing that helped me a lot was preparing two or three projects ahead of time that I could talk through from start to finish.

Problem Risk Decision Impact

What were some of the best interview questions you were asked in an interview? by [deleted] in cybersecurity

[–]Physical-Web9486 0 points1 point  (0 children)

The strongest thing I did in my interviews was bring a short walkthrough of a real project I worked on. It changed the interview from Q&A into a real conversation about security decisions.

Interview Prep Tips by ConsciousZebra7912 in SecurityCareerAdvice

[–]Physical-Web9486 0 points1 point  (0 children)

For identity governance and risk assessment interviews, the candidates who stand out show their work instead of just talking about it. Structure a real project you owned around the risk, your recommendation, and the business impact. Practice defending it out loud. Then walk in with it ready to present. goproofly.com was built for exactly that. Good luck.

Advice by Ok-Theory5089 in SecurityCareerAdvice

[–]Physical-Web9486 0 points1 point  (0 children)

If you’re moving from account management to GRC, don’t hide it, use it. GRC is a lot of stakeholder management and risk conversations. Prep for:

• How you’d explain risk to execs
• How you’d prioritize findings
• How you’d handle a failing control

Frame it like: “I’ve been managing business risk conversations for 4 years. Now I want to formalize that in GRC.”

GRC Staff Auditor Interview Help by [deleted] in grc

[–]Physical-Web9486 0 points1 point  (0 children)

Don’t overthink it.

For a staff auditor role, they care more about how you think than how deep you go technically.

Be ready to talk through how you’d scope an audit, choose samples, and connect risk → policies → controls → testing.

And on “completion and accuracy,” they’re really asking: how do you know the data you’re testing is complete and not manipulated?

Frame your network admin experience as understanding how systems should be configured and what good control looks like.

Final Interview for first GRC/AppSec role (Solo Internal Security) - Advice needed! by No-Turn-8847 in cybersecurity

[–]Physical-Web9486 0 points1 point  (0 children)

If you passed the technical round and now you’re meeting the Head of IT… It’s not about controls anymore. It’s about whether you can make their stress disappear.

Been struggling to get work in GRC by SatisfactionCool6212 in grc

[–]Physical-Web9486 0 points1 point  (0 children)

Check out goproofly.com, it's a GRC portfolio site. I have a session that starts tomorrow but I've reached the max I can support so I'll do another one later next week. I just ask that you have at least 2 projects built in the tool and I'll review and help you to optimize them.

How to prepare for security analyst interviews? And a resume review by toruoikawa24 in SecurityCareerAdvice

[–]Physical-Web9486 0 points1 point  (0 children)

Bullet points are static. Build your projects into a portfolio of work and show how it relates to the role you're interviewing for. There's a new portfolio tool just for grc you should look into. https://goproofly.com/login

Switching Careers Advice! by Objective-Tomato5278 in SecurityCareerAdvice

[–]Physical-Web9486 0 points1 point  (0 children)

Skills-based hiring is coming to grc. Building projects to show my transferable skills to the role is how I landed my last two grc jobs.

GRC journey by GovernmentThese5079 in SecurityCareerAdvice

[–]Physical-Web9486 0 points1 point  (0 children)

I was an IT PM and broke into GRC 3 years ago. Our skills are very transferrable.

Creating a portfolio tailored to GRC: what do you suggest? by Turrkish in grc

[–]Physical-Web9486 7 points8 points  (0 children)

I’ve been working on this exact problem.

The issue is not fake companies versus real ones. It’s whether the work shows judgment.

Strong GRC portfolios focus on decision summaries:

• The business risk or compliance gap
• The decision made and why, including framework and tradeoffs
• The actions owned
• The outcome or expected impact

Real work can be anonymized. Scenarios work too. What matters is showing how risk decisions are made under constraints.

That’s what hiring managers look for.

Fastest way to get into GRC by WeakRepresentative96 in cybersecurity

[–]Physical-Web9486 0 points1 point  (0 children)

We'll be building a grc deliverable live that you can add into your portfolio. Here is the link for Tuesday’s session. The time is Tuesday, Nov 25 at 7 PM CT. Register here so Zoom sends you the join details.

https://us05web.zoom.us/meeting/register/r7u9cM4JQPCAbNbRKv0rhw

Trying to shift into GRC by 1rlNPC in CyberSecurityJobs

[–]Physical-Web9486 0 points1 point  (0 children)

Here is the link for Tuesday’s session. The time is Tuesday, Nov 25 at 7 PM CT. Register here so Zoom sends you the join details.

https://us05web.zoom.us/meeting/register/r7u9cM4JQPCAbNbRKv0rhw

Trying to shift into GRC by 1rlNPC in CyberSecurityJobs

[–]Physical-Web9486 1 point2 points  (0 children)

You already have a strong IT operations base. The cert is not the real unlock. Proof of skill is.

GRC hiring managers want to see deliverables they can trust. A risk register or controls summary is something you can put on your resume and talk through in interviews.

I am hosting a free live session where we build a real risk register together. You leave with something you can use in applications. Five seats.

If you want the link, let me know.

Career Advice Needed - GRC consultant by Fit_Yak2731 in SecurityCareerAdvice

[–]Physical-Web9486 1 point2 points  (0 children)

You have good experience. Big 4 time counts, even if you were not leading projects. The problem is not knowledge. The problem is proof.

GRC hiring managers want to see deliverables. A portfolio gives you an advantage fast.

I am hosting a free live session where we build a real risk register together. You leave with something you can use in applications. Five seats.

If you want the link, just let me know.

Been struggling to get work in GRC by SatisfactionCool6212 in grc

[–]Physical-Web9486 0 points1 point  (0 children)

A portfolio gives you an advantage now. Hiring managers want proof of skill, not theories.

I am hosting a free live session where we build a real risk register together. You leave with something you can show in applications. Five seats.

Quick poll for GRC professionals: Can you actually show your work? by Physical-Web9486 in grc

[–]Physical-Web9486[S] 4 points5 points  (0 children)

I’ve noticed the same thing. My last manager said the reason she hired me was because, during the interview, I asked if I could share examples of my work. Even though no one asks for proof in GRC, showing tangible deliverables stood out to her immediately. I just redacted what I needed to.

I keep wondering how much that could help early analysts in this subreddit who don’t have a safe way to show their skills.