
January 1, 2016
Career Paths Advice

Hi everyone, I'd really appreciate your advice here: What are some possible career paths for an IT System manager? Is the GRC & Security path considered a good choice? Thx.
I don't really consider those "paths," as they are just things that need to be taken into consideration when you are in some form of IT management. If you are asking about them because you are pursuing those skills, then you might want to look into an ISO position. Otherwise, you'd be able to leverage yourself best as a manager by knowing how everything integrates, and how to best leverage the tools and people you have.
Hi Creno, thank you for your comment. Actually, I'm looking for new paths to improve my skills and enhance my career. I was confused between focusing on ERP business solutions, but it was very difficult due to the lack of ERP systems and as the IT manager is taking care of this business part :) The other option was to concentrate on GRC & Security, as it was easier to implement it in our organization by running a couple of risk management practices or suggesting applying an IT governance framework and so on.
All the GRC really is from what I've seen is just a list of controls from NIST 800-53, where you then go through and input how you are implementing those controls. It's good to assess where you are at in the maturity of your organization's security, but it's just a tool as far as I'm concerned. The place I work at was implementing all of the controls, but the challenge for us was gathering the evidence as proof, as we grew so quickly that the documentation and SOPs didn't quite catch up.
Yes, maybe you are right, but in order to employ these tools in a proper way it is very important to understand the stakeholders' needs, and make sure their objectives are prioritized and fulfilled in alignment with IT goals. My point is that GRC is the bridge to move me from the technical day-to-day activities to some kind of business knowledge by aligning IT & business together.
GRC is a buzzword and a discipline, rather than a career path. If you want to move from technical to understanding the business, look into Operational Risk positions. They are typically low on IT knowledge / skill and thus it is a gap you can fill. Combine IT knowledge with business acumen and it is a niche role that can be played. If you look at many annual papers from the global audit firms and similar consulting houses, such as the "Banana Skins" report which looks at operational risks to businesses, there are many IT-related entries (ranging from Fintech / Digital Disruption, to Insider Data Breaches, to Cybersecurity, etc.)
Hi Xendithon, thank you for your comment. Actually, I have decided to improve my security skills; my goal is to have CISSP, CISM and maybe CISA. I believe these certificates will help me more than the GRC path. What do you think?
It is very interesting.
I'd get the CISSP, and CISA only if you are auditing, but other than that, I'd focus on getting better at your job and looking at pathways within your organisation, and other organisations in a similar field. Certs are worthwhile, but it's experience that gets you better positions.