Beyond the technical roles: GRC

Are you interested in the world of cyber security and technology but assume a technical background is the only way in? Think again! There are multiple roles within cyber security and tech that don’t involve technical hands-on skills. These roles can also transition into more technical roles due to their transferable skills and on-the-job learning. An often overlooked role within the non-technical side of cyber security and tech is Governance, Risk, and Compliance (GRC).

Rachel Gentry

Managing Director at RTG Commercial Services Ltd

With a BA (Hons) in Retail Marketing and professional qualifications in Marketing and Procurement, Rachel started her Cyber Security career in 2009 when she joined Cabinet Office as Deputy Director, Government ICT Strategy. Having worked in technology procurement for over 10 years, Rachel was fascinated by the opportunities and challenges that technology brings.  With no prior cyber security experience, Rachel found government ICT to be a fantastic combination of policy, technology, and change. It didn’t take her long to realise that she wanted to embrace her understanding of technology and combine it with her skills and experience in policy, risk, and governance. In 2017, Rachel set up her own business, aiming to continue learning about technology and share her industry insights and knowledge. Five years later and Rachel has designed and launched an industry Counter Fraud certification scheme, worked on a national police forensics platform and implemented operational governance, risk, and compliance systems to successfully meet the ISO27001 certification requirements of four organisations.

Cyber Security Governance, Risk, and Compliance 

Cyber security governance, risk, and compliance (GRC) allows you to immerse yourself in technology of all flavours. Throughout your career, you’ll be learning about technology, its risks and threats, and advising technologists and business leaders on how to securely implement technology without compromising delivery and performance. These experiences will hugely develop your cyber security and technology knowledge, whilst adding other technical skills such as risk management, stakeholder engagement and project delivery. Here are a couple of key insights into how my role plays a significant part in the cyber security industry.

Unleashing the power of technology

GRC means diving deep into learning and understanding all things related to cyber, including understanding threats, vulnerabilities, solutions for mitigating risks, continuous innovation (think AI, cloud computing, new types of malware), and much more. By mastering cyber security content, you’ll soon realise you know a lot more about cyber security risks and mitigations than you think.

Bridging the Gap Through Conversations

Being in GRC means not only understanding risks but also engaging in conversations with technical experts and business leaders to identify appropriate mitigations. Through workshops, policy drafting, assuring technical designs and implementations, and participating in the multitude of events (in person and online), you’ll soon find yourself sharing knowledge and engaging in discussions that unlock a wealth of technical insights.

Learning on the Go

One of the remarkable aspects of this journey is the opportunity to learn on the job. Every project becomes a platform for learning about cyber security, helping you transform into someone on top of technical designs and delivery. As you translate technical concepts for non-technical audiences, you’ll discover your own evolution into a tech-savvy enthusiast. For those delivering in multiple technology organisations, the learning journey extends further. Engaging with the technical teams within the organisation, you’ll find yourself seamlessly learning as you go! Insights from colleagues and clients widen your perspective. I’ve learned so much just from being around my security consultant colleagues and friends, and participating in specialist communities.

The Network Connection

For me, networking is a key part of GRC and cyber security, albeit one I’m not great at. From connecting at industry events to creating relationships with those you meet at them, you’ll create a network that nurtures your growth and opens doors to learning and collaboration. The security community can seem a closed shop, but everyone is generous in sharing opinions and experience – and always happy to offer advice. Embrace the excitement of community events and cyber summits, attend all the different talks and workshops and comment on articles you see online. These events aren’t exclusive to security experts; they’re gateways to deeper insights, practical skills, and connections – and opportunities to expand your knowledge and understanding.

Soft Skills Paving the Way

The ‘soft skills’ within GRC are your secret tools. Think problem-solving, where you unravel challenges and threats, and curiosity, which helps in navigating the ever-changing cyber landscape. Your communication skills become the bridge that spans the gap between technical jargon and the wider world. Presenting and reporting are a large part of both GRC and cyber security, and being able to explain security and technology concepts to business leaders is an essential skill.

In an industry defined by innovation and change, GRC provides a path that merges structure and innovation with technical knowledge. Sharing knowledge and educating others about cybersecurity, working alongside development and technology teams, is why GRC is fundamental to a safer digital world.


P.S. You may feel that the cyber security world can be a bit intimidating or daunting, but speaking to individuals in the industry and the relationships I have built have been invaluable.  Often, I’m the only woman in the room but so many people in the industry are eager to share their knowledge and help others. Go out there and introduce yourself as someone willing to learn – and pay it forward whenever you can. It’s worth it!

InfoSec People is a boutique cyber security and IT recruitment consultancy, built by genuine experts. We were founded with one goal in mind: to inspire people to find the careers that inspire them. With the success of companies fundamentally driven by the quality of their people, acquiring and retaining talent has never been more important. We believe that recruitment, executed effectively, elevates and enables your business to prosper.

We also understand that cyber and information security recruitment can genuinely change people’s lives; that’s why we take the duty of care to those we represent very seriously. All our actions are underpinned by our core values:

  • Always do the right thing
  • Be the best we can be
  • Add value

We work with businesses in the cyber/tech arena, from start-ups and scale-ups to FTSE100 and central Government, many of whom are always looking for great people.

Call us directly on 01242 507100 to discuss opportunities or email info@infosecpeople.co.uk.

www.infosecpeople.co.uk