GRC: A non-coding career in the IT sector

It is common to come across freshers from institutions who have pursued degrees in IT but are not interested in conventional coding jobs.

One such rewarding non-coding career option within the IT industry is called Governance, Risk and Compliance (GRC).

National and international authorities frame policy guidelines to regulate the operational activities of industries like Finance, Banking, Insurance, Automobile and Healthcare to mitigate the risks of any negative impacts on larger interests of society.

For instance, banks indulging in money laundering, insurance players dishonoring claim settlement commitments, auto makers not meeting environmental standards, drug makers releasing drugs without enough clinical trial and documentation can all have serious consequences.

Getting companies to adhere to stringent guidelines reduces the risk of these adverse events. That is where the role of the GRC professional comes in.

End-to-end service model

Today, the GRC role involves helping clients comply with mandatory regulatory guidelines set by the governments and agencies. Large IT and ITES companies are increasingly offering GRC services, which are rolled into the multi-year, end-to-end business application, modernisation and management services.

Many of these companies have clients from healthcare, automotive, consumer, hi-tech, energy, banking and financial industries.

Skills and opportunities

Prospective candidates in GRC need to understand industry-specific compliance requirements, have a flair for legal perspectives and have adequate communication skills to deal with global stakeholders.

One also needs to have a meticulous documentation ability to manage the end-to-end life cycle of the GRC processes.

For instance, pharma and medical devices industries need to subject their entire IT systems to a stringent periodic validation and ensure compliance to the guidelines set by agencies like Food and Drug Administration of the USA or European Medicines Agency of EU.

The skill required to carry out the validation is called Computer System Validation (CSV) and candidates from Engineering, Science, Pharma, and Medicine can seek opportunities here as CSV specialists.

Similarly Banking, Financial and Insurance sectors across the globe need to comply with various geography-specific guidelines such as Sarbanes-Oxley Act (SOx), Basel III, Data Privacy, Consumer Privacy, SAS 70, Anti-Money Laundering (AML), BSA, PATRIOT Act etc.

Graduates from Commerce and Law can find good avenues here.

IT industries, audit and consulting firms and core industries offer immense growth prospects for those who develop specialised capabilities in this area. Eventually one can also position and establish oneself as an independent consultant too.

Growth

The GRC market is expected to grow from the current $32 billion to $61 billion by 2025.

IT companies are chasing this growing pie of business which in turn will create significant career opportunities for the interested candidates. Incidences of global crisis like the recent Covid-19 pandemic will only widen the gamut of GRC and make it even more stringent, leading to an expansion of the job market for professionals here.