Learn How GRC Analysts Execute β and Build the Audit-Ready Portfolio That Proves It.
In Course 1, you built TechFlow's Risk Register. In Course 2, you build the policies, controls, vendor assessments, and evidence that prove every risk in that register is being managed β the way a SOC 2 Type II auditor needs to see it.
Over 6 weeks, you take TechFlow Solutions from βrisks identifiedβ to βaudit-ready.β You produce 22 operational artifacts across 6 modules: scope and data documentation, policies, controls and evidence, vendor risk, incident response, and audit readiness.
You leave with proof that you can build, document, and defend an operational GRC program β not just describe one.
Best for: GRC professionals and serious career changers ready to show employers operational depth, not just conceptual understanding.
Led by Dr. Rose Shumba, PhD Β· 20+ years in cybersecurity education Β· Former NSA/DHS Center of Academic Excellence Director Β· Featured in The New York Times Β· 500+ career transitions supported
Welcome from Dr. Rose Shumba
Start with this welcome video to understand how Course 2 continues the TechFlow case study and what audit-ready operational GRC work means.
See How Course 2 Builds the Audit-Ready Portfolio
This overview walks you through the Course 2 structure, the TechFlow SOC 2 readiness scenario, and the operational artifacts you will build across the course.
Course 2 Podcast: What Audit-Ready GRC Work Looks Like
A short industry conversation on why policies, controls, evidence, vendor risk, and audit-readiness matter in operational GRC roles.
You do not need more theory. You need work you can show.
Many people study GRC but still struggle when it is time to explain what they can actually do.
They can define controls. They can name frameworks. They can talk about SOC 2.
But when a hiring manager asks them to show and explain the work, that is where many candidates get stuck.
This course helps close that gap. You will build the work.
By the end, you will have an operational GRC portfolio.
You will work through TechFlow, a healthcare technology company preparing for its first SOC 2 Type II audit.
What You Will Build
Scope, Asset, and Data Documentation
Security and Vendor Risk Policies
SOC 2 Control and Evidence Documentation
Vendor Risk and Customer Assurance Materials
Incident Response and Tabletop Documentation
90-Day Audit Readiness Plan
This course is for you if you are ready to move from studying GRC to building GRC work.
Course 1 Completers Ready for the Next Level
You have already started building GRC portfolio proof and now want to go deeper into audit-ready work, controls, evidence, policies, vendor risk, and operational documentation.
Students Preparing for Operational GRC Roles
You want to move beyond basic risk concepts and learn how GRC work shows up inside audit preparation, evidence collection, vendor reviews, control documentation, and customer assurance.
Professionals Who Need Audit and Evidence Skills
You may come from IT, compliance, audit, healthcare, operations, project management, or another adjacent field. This course helps you organize and explain audit-ready work in a way employers can evaluate.
Choose Your Course 2 Option
Start Course 2 after completing Course 1 and build your audit-ready GRC portfolio.
Hybrid Course
Best for learners who want live support and feedback.
Includes weekly live sessions, structure, and cohort support.
Enroll Hybrid β $697Self-Paced Course
Best for learners who want to complete the course independently.
Includes full course access for independent completion.
Enroll Self-Paced β $397All courses are digital products. No refunds. All sales are final.
Questions before you enroll?
Ready to Build Your Audit-Ready Portfolio in 6 Weeks?
Join the June cohort and build the operational GRC documents, controls, evidence trackers, and audit-readiness materials hiring managers want to see.
Practical portfolio work. Built around the TechFlow SOC 2 readiness case study.
Have you completed Course 1? If not, start there first.
Go to Course 1: GRC Portfolio Builder β