Can you become an Information Security GRC Manager without a degree?

An alternative career path to becoming an Information Security GRC Manager with its major challenges, possible benefits, and some unconventional ways to hack your way into it.

3 min read Β· Dec. 6, 2023
Can you become an Information Security GRC Manager without a degree?

Yes, it is possible to become an Information Security Governance, Risk, and Compliance (GRC) Manager without a degree. While having a degree can be beneficial and may provide a competitive edge, it is not always a strict requirement for this role. Many employers in the cybersecurity field prioritize skills, experience, and certifications over formal education.

How to achieve this career goal without a degree:

  1. Gain relevant experience: Start by gaining practical experience in the field of cybersecurity and information security. Look for entry-level positions such as security analyst, risk analyst, compliance analyst, or IT auditor. This will help you develop a strong foundation and understanding of the industry.

  2. Acquire industry certifications: Earning industry-recognized certifications can help compensate for the lack of a degree. Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), and Certified Information Privacy Professional (CIPP) are highly regarded in the field of information security and GRC.

  3. Develop a strong skill set: Focus on developing the necessary skills required for an Information Security GRC Manager. These skills include risk assessment and management, compliance management, policy development, security auditing, and project management. Continuously update your knowledge and skills by attending workshops, conferences, and online training courses.

  4. Network and build relationships: Networking is crucial in any career, and the cybersecurity field is no exception. Attend industry events, join professional associations, and connect with professionals in the GRC field. Building relationships can lead to opportunities, mentorship, and valuable insights.

  5. Showcase your expertise: Create a strong professional online presence by sharing your knowledge and insights through blogging, contributing to industry forums, and participating in relevant discussions on social media platforms. This will help establish your credibility and increase your visibility within the industry.

Hacks and advice:

  • Leverage your existing experience: If you have experience in a related field such as IT, risk management, or compliance, highlight the transferable skills and knowledge that can be applied to the GRC role. Emphasize your ability to understand and navigate complex regulatory frameworks.

  • Seek out internships or volunteer opportunities: Consider internships or volunteer positions in information security or GRC departments. These opportunities can provide hands-on experience and help you build a network of professionals in the field.

  • Continuous learning: Stay up to date with the latest trends, technologies, and regulations in the information security and GRC domains. Dedicate time to self-study and engage in continuous learning through online courses, webinars, and industry publications.

Potential difficulties:

  • Lack of formal credentials: Without a degree, you may face challenges in certain organizations that prioritize formal education. However, many employers in the cybersecurity field value practical skills and experience over degrees.

  • Initial entry-level positions: Starting from entry-level positions may be necessary to gain the required experience and skills. Be prepared to work your way up and demonstrate your abilities through practical experience and certifications.

Benefits and differences to a conventional or academic path:

  • Practical skills and experience: The advantage of a non-conventional path is that you can focus on acquiring practical skills and experience directly related to the GRC role. This hands-on experience can often be more valuable than theoretical knowledge gained through a degree.

  • Flexibility and agility: Without the constraints of a conventional academic path, you have the freedom to pursue certifications, gain experience, and build a strong professional network at your own pace. This flexibility allows you to adapt to the rapidly evolving cybersecurity landscape.

  • Cost and time savings: Pursuing a degree can be time-consuming and expensive. By focusing on certifications and practical experience, you can potentially save both time and money while still building a successful career in Information Security GRC.

While a degree can be beneficial, it is not an insurmountable barrier to becoming an Information Security GRC Manager. By gaining relevant experience, acquiring certifications, developing a strong skill set, networking, and showcasing your expertise, you can successfully pursue this career path without a degree.

Featured Job πŸ‘€
Senior IT/Infrastructure Engineer

@ Freedom of the Press Foundation | Brooklyn, NY

Full Time Senior-level / Expert USD 105K - 130K
Featured Job πŸ‘€
Consultant(e) SΓ©curitΓ© du cloud F/H

@ Atos | Lyon, FR

Full Time Senior-level / Expert EUR 50K - 60K
Featured Job πŸ‘€
Risk Management Framework Coordinator Level 3- TS/SCI with Poly

@ Amentum | United States-Maryland-Linthicum-20362-LNM2

Full Time Senior-level / Expert USD 185K - 230K
Featured Job πŸ‘€
Designated Authorizing Official 3 - TS/SCI With Poly

@ Amentum | United States-Maryland-Columbia-20362-VDM4

Full Time Senior-level / Expert USD 177K - 220K
Featured Job πŸ‘€
Systems Engineer

@ Parsons Corporation | USA MD Annapolis Junction

Full Time Senior-level / Expert USD 117K - 210K

Salary Insights

View salary info for Manager (global) Details

Related articles