Information Security

GRC

Builds enterprise resilience through frameworks, audits, and board-level risk communication. Creates CISOs who speak C-suite language and transform security from cost center to business enabler.

Leads to: CISO

Career Progression

Rotational Tours · L1–L3

Build the craft. Prove you can wield the tools of Information Security.

Transformational Tours · L4–L7

Deliver outcomes. Each tour has a defined mission and success criteria.

Foundational Tours · L8–L10

Shape the organization. Build institutions, not just products.

What Hiring Managers Look For

L1-L3: Demonstrate you can translate regulatory requirements into actionable technical controls and speak fluently to both auditors and engineers.

L4-L6: Show evidence of designing compliance programs that actually reduced business risk rather than just checking boxes, with metrics to prove it.

L7+: Board members evaluate whether you can articulate cyber risk in business terms and have a track record of preventing regulatory disasters that could sink the company.

Common Career Transitions

GRC → Product Security at L4-L5 for hands-on technical risk assessment

GRC → Security Architecture at L5-L6 to design preventive controls rather than detective ones

GRC → Privacy Engineering at L4-L6, leveraging regulatory expertise in the emerging data protection landscape