Hello, GRC world!

Welcome to the blog!

Let me be honest: when I started my career in 2011, I was working with one of the largest banks in the world, in one of the most sought-after careers, but I dreaded going to work every day.

Not because I couldn’t do the work or had a bad team, but because I did not know what I was doing. When all my friends were learning Mainframes, COBOL, CICS, Java, Manual/Automation testing and doing the so-called “cool stuff”, I was producing the MI reports (‘Incident and Event reports’ if I remember correctly), which I thought no one even paid heed to. I spent the next 2 years working on ‘Identity and Access Management’ and closed 2 global audit points, worked across multiple domains of Information Security, but thought the stuff I was doing had very little value. (Sigh, how wrong I was!)

It was not until late 2014, when I did a couple of internal SumTotal trainings on 3 Lines of Defense and Operational Risk Management, that I realized the importance of the little strokes I was making each day to complete the canvas. I later came to know the canvas has a name, ‘Governance, Risk, & Compliance’, and is one of the most crucial functions to maintain the risk posture of an organization.

It took me a while to understand:

  • the impact of the reports, dashboard, and IAM projects I was working on,
  • the importance of regulations and why they are important,
  • the ‘real’ difference between Governance and Management,
  • the ultimate purpose of audits, etc.

Fast forward 8 years, I have been very fortunate to work with some of the best financial institutions in the world, complete 2 industry-recognized certifications (CISM, CISSP), and learn under the supervision of great mentors and leaders in the Information/Cyber Security domain.

That being said, I believe my credentials, real-life experiences, and learnings from the corporate world have provided me with the knowledge required to discuss the nitty-gritty of the GRC world, and henceforth I will be posting regularly about GRC topics, CISM, CISSP, etc. on the blog.

To receive timely updates about the latest post, please subscribe to the newsletter, drop your email in the comment section, or send an email to shobhit@grcmusings.com.

Best,
Shobhit