u/NoBedroom5551

After a period away from industry, I have decided to formally transition into cybersecurity governance, risk, and compliance, building on more than twenty years of experience in regulated, audit‑intensive, and security‑conscious environments rather than beginning from scratch in a new field.

Throughout my career, although my job titles were not formally cybersecurity roles, my responsibilities consistently aligned with governance, risk management, compliance assurance, audit readiness, controlled systems operation, and evidence‑based conformity. These functions map directly to the intent and substance of modern cybersecurity governance, risk, and compliance practice, particularly within regulated and safety‑critical industries.

Over the course of this work, I operated extensively within formal compliance frameworks including GMP‑regulated environments, 21 CFR Part 11 compliant systems, ISO 9001 quality systems, ISO 14644‑1 cleanroom classification, ISO 21501‑4 particle counter standards, and NIST‑traceable calibration practices. I worked within environments where auditability, evidence, and documented conformity were mandatory, and regularly engaged with customer quality teams and audit requirements associated with MHRA‑ and FDA‑regulated operations.

I will be doing the ISO 27001 Lead Implementer course. Can I ask for people's thoughts on this transition, and what the UK job market is really like with this qualification but kinda zero experience directly in that role? TIA

reddit.com
u/NoBedroom5551 — 8 days ago

New to industry at 53, 27001 Lead Implementer - need some advice please

I’m looking for a reality check from people working in cyber GRC, compliance, assurance, or information security management.

My background is 25+ years in regulated technical environments: pharma/aseptic manufacturing, cleanrooms, environmental monitoring systems, validation, calibration, audit readiness, controlled documentation, supplier/customer assurance, and project/service management. I’ve worked with GMP, ISO 9001, ISO 14644, ISO 17025, ISO 21501-4, Annex 1, 21 CFR Part 11, IQ/OQ/PQ, FAT/SAT, risk assessments, evidence trails, and regulated software/system handovers.

I’ve also completed ISC2 CC, and I now have GDPR Practitioner and ISO 20001 Lead Implementer training/qualifications.

I’m trying to move into remote or mostly remote cyber GRC / compliance / assurance roles rather than technical SOC work. Target roles would be things like Cyber GRC Analyst, Information Security Compliance Analyst, Cyber Assurance Analyst, ISO compliance support, vendor/security questionnaire work, audit evidence coordination, or junior ISMS-type roles.

Given my background plus these qualifications, how realistic is it to land remote work in this area? What job titles should I search for, and what gaps would you expect employers to challenge me on?

Any blunt advice welcome.
