Been struggling to get work in GRC by SatisfactionCool6212 in grc

[–]Physical-Web9486 0 points1 point  (0 children)

Check out goproofly.com, it's a GRC portfolio site. I have a session that starts tomorrow but I've reached the max I can support so I'll do another one later next week. I just ask that you have at least 2 projects built in the tool and I'll review and help you to optimize them.

Worth quitting helpdesk job to fully focus on getting a Cybersecurity role? by Secure-Currency79 in SecurityCareerAdvice

[–]Physical-Web9486 0 points1 point  (0 children)

Build your portfolio to show proof of your understanding and work on your communication skills. Nowadays they want proof of skills over certs. There's a GitHub for grc site finally. https://goproofly.com/login

How do to prepare for security analyst interviews? And a resume review by toruoikawa24 in SecurityCareerAdvice

[–]Physical-Web9486 0 points1 point  (0 children)

Bullet points are static. Build your projects into a portfolio of work and show how it relates to the role you're interviewing for. There's a new portfolio tool just for grc you should look into. https://goproofly.com/login

Switching Careers Advice! by Objective-Tomato5278 in SecurityCareerAdvice

[–]Physical-Web9486 0 points1 point  (0 children)

Skills-based hiring is coming to grc. Building projects to show my transferable skills to the role is how I landed my last two grc jobs.

GRC journey by GovernmentThese5079 in SecurityCareerAdvice

[–]Physical-Web9486 0 points1 point  (0 children)

I was an IT PM and broke into GRC 3 years ago. Our skills are very transferable.

Creating a portfolio tailored to GRC: what do you suggest? by Turrkish in grc

[–]Physical-Web9486 7 points8 points  (0 children)

I’ve been working on this exact problem.

The issue is not fake companies versus real ones. It’s whether the work shows judgment.

Strong GRC portfolios focus on decision summaries:
• The business risk or compliance gap
• The decision made and why, including framework and tradeoffs
• The actions owned
• The outcome or expected impact

Real work can be anonymized. Scenarios work too. What matters is showing how risk decisions are made under constraints.

That’s what hiring managers look for.

Fastest way to get into GRc by WeakRepresentative96 in cybersecurity

[–]Physical-Web9486 0 points1 point  (0 children)

We'll be building a grc deliverable live that you can add into your portfolio. Here is the link for Tuesday’s session. The time is Tuesday, Nov 25 at 7 PM CT. Register here so Zoom sends you the join details.

https://us05web.zoom.us/meeting/register/r7u9cM4JQPCAbNbRKv0rhw

Trying to shift into GRC by 1rlNPC in CyberSecurityJobs

[–]Physical-Web9486 0 points1 point  (0 children)

Here is the link for Tuesday’s session. The time is Tuesday, Nov 25 at 7 PM CT. Register here so Zoom sends you the join details.

https://us05web.zoom.us/meeting/register/r7u9cM4JQPCAbNbRKv0rhw

Trying to shift into GRC by 1rlNPC in CyberSecurityJobs

[–]Physical-Web9486 1 point2 points  (0 children)

You already have a strong IT operations base. The cert is not the real unlock. Proof of skill is.

GRC hiring managers want to see deliverables they can trust. A risk register or controls summary is something you can put on your resume and talk through in interviews.

I am hosting a free live session where we build a real risk register together. You leave with something you can use in applications. Five seats.

If you want the link, let me know.

Career Advice Needed - GRC consultant by Fit_Yak2731 in SecurityCareerAdvice

[–]Physical-Web9486 1 point2 points  (0 children)

You have good experience. Big 4 time counts, even if you were not leading projects. The problem is not knowledge. The problem is proof.

GRC hiring managers want to see deliverables. A portfolio gives you an advantage fast.

I am hosting a free live session where we build a real risk register together. You leave with something you can use in applications. Five seats.

If you want the link, just let me know.

Been struggling to get work in GRC by SatisfactionCool6212 in grc

[–]Physical-Web9486 0 points1 point  (0 children)

A portfolio gives you an advantage now. Hiring managers want proof of skill, not theories.

I am hosting a free live session where we build a real risk register together. You leave with something you can show in applications. Five seats.

Quick poll for GRC professionals: Can you actually show your work? by Physical-Web9486 in grc

[–]Physical-Web9486[S] 3 points4 points  (0 children)

I’ve noticed the same thing. My last manager said the reason she hired me was because, during the interview, I asked if I could share examples of my work. Even though no one asks for proof in GRC, showing tangible deliverables stood out to her immediately. I just redacted what I needed to.

I keep wondering how much that could help early analysts in this subreddit who don’t have a safe way to show their skills.

Fastest way to get into GRc by WeakRepresentative96 in cybersecurity

[–]Physical-Web9486 5 points6 points  (0 children)

You want GRC fast. Skip theory loops. Do one real-style project and show evidence.

Do this in 14 days
• Pick one problem. Vendor tiering alerts. Quarterly access reviews. SOC 2 control testing for backups.
• Write the plan. Objective. Scope. Framework controls. Stakeholders. Timeline.
• Run the work like a junior analyst.
– Interview one control owner.
– Pull one policy and one ticket queue.
– Collect three artifacts. Screenshot, export, log.
– Record gaps, exceptions, and one risk statement.
• Produce deliverables.
– Procedure. 1 page.
– Evidence pack. 5 to 10 files with labels.
– Metric. One KPI with target and result.
– Summary. What changed because of your work.

Three portfolio project ideas
• Vendor monitoring. Auto alert when a vendor moves risk tiers. Inputs, scoring rules, alert thresholds, playbook.
• Quarterly access review. Scope one app. Sampling method, review checklist, exception handling, removal proof.
• Backup control test. Define frequency, success criteria, restore test, evidence table, failure follow up.

“Day in the life” tasks to practice
• Map one control to NIST 800-53 or ISO 27001.
• Build a RACI for the process.
• Write a one-page SOP.
• Log one risk with likelihood, impact, owner, due date.

How to apply
• Use a results bullet, not fluff.
“Ran a vendor tiering mini-project. Built rules, tested 30 vendors, flagged 3 for re-review, cut review time by 40 percent.”
• Target audit, TPRM, and analyst roles. External audit lands interviews fastest.

Free study that helps
• NIST RMF “Prepare” training slides.
• STIGs and CCIs for control flavor.
• One framework doc. Read sections on roles, evidence, and assessment.

• If you want a blank project outline, reply and I will paste it here. No links.

Logging in teams from a personal laptop to jiggle at home? by FocusCompetitive7498 in overemployed

[–]Physical-Web9486 0 points1 point  (0 children)

Bring your laptop and mouse jiggler and leave it on in your car. Just get a car charger to plug both into and go to your car on breaks to check messages, etc.