Audit-Ready GRC Portfolio Builder™ | Course 2

Course 2 Landing Page

Build an audit-ready GRC portfolio you can explain in an interview.

You have studied GRC. You may understand risk, controls, SOC 2, policies, and compliance. But knowing the terms is different from being able to show the work.

Course 1

Helps you identify and prioritize GRC risk.

Course 2

Helps you build the documents, controls, and evidence needed for audit readiness.

Enroll in the Hybrid Course — $497 Enroll Self-Paced — $297

Lifetime access. Practical portfolio work. Built for career changers entering GRC.

The Problem

You do not need more theory. You need work you can show.

Many people study GRC but still struggle when it is time to explain what they can actually do.

“Can you walk me through a control library you built?”

“How would you organize evidence for an audit?”

“How would you document vendor risk?”

Many candidates can define controls. They can name frameworks. They can talk about SOC 2.

But when a hiring manager asks them to explain the work, that is where many candidates get stuck.

This course helps close that gap. You will not just hear about GRC work. You will build the work.

The Promise

By the end, you will have an operational GRC portfolio.

You will work through TechFlow, a healthcare technology company preparing for its first SOC 2 Type II audit.

Inside the course, you will build the core documents GRC analysts use to support audit readiness.

You will leave with practical, case-study-based work you can organize, explain, and discuss in interviews without overstating your experience.

Artifact 01

Scope, Asset, and Data Documentation

Document what is in scope, what systems matter, and how sensitive data is classified.

Artifact 02

Security and Vendor Risk Policies

Create policy documentation that supports governance, accountability, and audit readiness.

Artifact 03

SOC 2 Control and Evidence Documentation

Build the structure needed to connect controls, evidence, and audit expectations.

Artifact 04

Vendor Risk and Customer Assurance Materials

Assess vendors and prepare consistent responses for customer security reviews.

Artifact 05

Incident Response and Tabletop Documentation

Prepare documentation that shows response planning, accountability, and audit support.

Artifact 06

90-Day Audit Readiness Plan

Bring the portfolio together with a practical readiness plan that shows next steps.

What’s Inside

Five modules plus a capstone. One continuous case study.

Each module helps you build a different part of TechFlow’s operational GRC program.

Module 1

Scope, Systems, Data, and Vendors

Define what is in scope, identify systems and data, classify sensitive information, and document vendors, subprocessors, and cloud providers.

Module 2

Policies and Governance

Create policies that support governance, accountability, vendor risk, and audit readiness.

Module 3

Controls and Evidence

Build the control and evidence structure needed for SOC 2 readiness.

Module 4

Vendor Risk and Customer Assurance

Assess vendor risk and prepare consistent responses for customer security reviews.

Module 5

Incident Response and Audit Support

Prepare incident response documentation and organize evidence for audit support.

Capstone

Portfolio Walkthrough

Bring the full portfolio together and practice explaining your work clearly and professionally.

How the Course Works

Watch. Build. Explain.

The course is designed to move you from understanding concepts to producing work you can discuss in interviews.

Watch

Each lesson focuses on one operational GRC concept so you understand what the document is, why it matters, and how it supports audit readiness.

Build

You use worksheets and templates to create portfolio artifacts through the TechFlow case study.

Explain

You practice walking through your work so you can describe what you built, what problem it solves, and how it connects to GRC responsibilities.

Who This Is For

This course is for learners ready to move from studying GRC to building GRC work.

This is a good fit if you:

✓Completed Course 1 or already understand basic GRC concepts.
✓Want practical portfolio work, not just definitions.
✓Are preparing for junior GRC, compliance, risk, vendor risk, or audit support roles.
✓Come from IT, audit, project management, healthcare, operations, compliance, or another adjacent field.
✓Want to explain your GRC skills more clearly in interviews.

This is not a good fit if you want:

✕A quick overview with no assignments.
✕Certification exam prep.
✕A course where you only watch videos and do not build documents.
✕Advanced senior-level GRC strategy.

Dr.
Rose
Shumba

Meet Your Instructor

Meet Dr. Rose Shumba

I help career changers build real GRC portfolio proof.

Many capable people study hard, learn the frameworks, and pass certifications, but still struggle in interviews because they cannot show the work.

That is the gap this course is designed to close.

Inside this program, you do not just hear about control libraries, vendor risk, evidence tracking, and audit readiness. You build those documents through a realistic case study and practice explaining them professionally.

Dr. Rose Shumba GRC Educator · Founder, Kudzai Edu Group

Choose Your Enrollment Option

Enroll Today

Choose the level of support that fits how you want to complete the course.

Best for live support

Hybrid Course

Best for learners who want live support and feedback.

$497

✓Full course access
✓50 video lessons
✓Worksheets and templates
✓Weekly live sessions with Dr. Shumba
✓Feedback on portfolio artifacts
✓Mock hiring panel preparation
✓Lifetime access

Enroll in the Hybrid Course — $497

Independent option

Self-Paced Course

Best for learners who want to complete the course independently.

$297

✓Full course access
✓50 video lessons
✓Worksheets and templates
✓Mock hiring panel preparation
✓Lifetime access

Enroll in the Self-Paced Course — $297

Frequently Asked Questions

Questions before you enroll?

Course 1 is strongly recommended because it helps you assess TechFlow’s situation, identify risks, understand frameworks, and build a defensible risk register. This course builds on that foundation by helping you create the operational GRC documents that come next.

Course 1 focuses on risk analysis, framework awareness, security gaps, and the risk register. Course 2 focuses on operational GRC artifacts: policies, controls, evidence tracking, vendor risk, incident response, SOC 2 readiness materials, and audit support.

No. This is not certification exam prep. This is a hands-on portfolio-building course.

Yes. You will receive a certificate of completion from Kudzai Edu Group.

That is why the course uses a realistic case study. You build the work in a guided environment and learn how to explain it clearly.

Most people can complete the course in 8 to 12 weeks, depending on their schedule and how much time they spend on the portfolio assignments.

Ready to build your audit-ready GRC portfolio?

Stop only describing GRC work. Start building it.

Enroll in the Hybrid Course — $497 Enroll in the Self-Paced Course — $297

Lifetime access. Practical portfolio work. Built around the TechFlow SOC 2 readiness case study.