u/zacj_rag

▲ 1 r/grc

Any advice to pre-onboard? 'NOT CAREER ADVICE'

I previously posted GRC from Scratch - and your responses were invaluable, really better than any conference, lecture or influencer. You all have my full gratitude.

But I was successful in getting a new role and will be starting in 3 weeks. The top responsibilities are below. How can I do some pre-onboarding to set myself up for success?

  • Execute Security Assessment & Authorization (SA&A) activities for Government of Canada IT projects.
  • Develop and maintain security documentation, including High Level Designs (HLDs), Detailed Security Design Documents (CONOPS, Access Control Methods), and other security artifacts.
  • Ensure compliance with Government of Canada security standards, Shared Services Canada (SSC) policies, and ITSG‑33 guidelines.
  • Conduct security readiness assessments and guide projects through the process to obtain Authority to Operate (ATO).
  • Collaborate with project teams, system owners, and security stakeholders to identify and mitigate risks.
  • Provide expert advice on security controls, threat modeling, and vulnerability management.
u/zacj_rag — 7 days ago
▲ 15 r/CRISC

Passed today - 150q, around 1hr 25mins

I don't think I can give any material tips on the exam. I had no idea how it was going; I definitely became a lot closer to God.

17 yrs operations/security - Cisco/PA/Fortinet/MS-WAF

2024 CISSP - first cyber role, around 1 year of risk management trying to build our GRC program. So not a whole lot of practical experience, but a lot more risk-guided decisions in other aspects.

Prep materials -

  • QAE 6th Edition - probably most useful only for question style. Zero repeats.
  • Official Review Manual 8th edition
  • Udemy Prabh course - not worth it, questions are from the QAE. I think it's more detrimental as it promotes rote memorization of questions.

I honestly thought this was harder than the CISSP, which is noted for being a mile wide and an inch deep. Mind you, that inch is not a drop in the bucket either. The language there was more applicable to me.

Lots of KRI/KPI and control questions. Not a single straightforward mention of business objectives, but it was implied. This is one where working experience definitely counts for much.

u/zacj_rag — 10 days ago