Wanting transition from a more technical role to a GRC role, i’ve been job hunting and finally been offered a position as an “IS security risk analyst”.
In my previous role i was the sole consultant with a security background. I did everything from risk assessment to implementing/testing controls. This role seems to be just risk assessment / analysis but deeper level. More auditing work as well (i was always on the other side of this).
My question is for those who are already in or transitioned into this type of role.
Is it stressful?
How much on-call / overtime / emergency calls do you do?
Any tips for someone who was a security jack of all trades to now in a more specialized GRC role?