Transitioned to GRC
Hello everyone,
I have recently switched to GRC after working as a Penetration tester for 1 year.
I need some advice on how I can improve in GRC. Everything is so different in GRC. It's been only 2 weeks since I transitioned to GRC, and all those documents kind of overwhelm me. Currently, I am assigned to focus on the NCA ECC and DCC and the PDPL laws; later on I will have to work on ISO standards and NIST frameworks.
Now, I want some advice on how I can improve my learning in this field, as everything feels so overwhelming and there is too much reading material. My brain gets overwhelmed after a few hours of reading. I know in GRC you have to read a lot and that's not an excuse. But are there any tips on how I can make those boring guidelines interesting?
And one more problem that I am facing is that the policies written by companies are way too generic, and I mean it. Coming from a penetration testing background, where we have to write reports in a bit of detail, writing these policies and doing gap assessments against such generic policies overwhelms me a lot.
Need advice please.