GRC Portfolio Studio β€” The Tech Academy
Self-paced Β· ISO/IEC 27001-aligned

Build a Job-Ready GRC Portfolio in 5 Weeks

Practical, ISO/IEC 27001-aligned artifacts. Optional live review sessions. Real proof you can open in an interview. Includes resume and LinkedIn refresh.

For serious people moving into non-coding cybersecurity roles who cannot build their life around weekly live classes.

Not sure GRC is your path? Take the free Cyber Role Finder
Start here

A welcome from Dr. Shumba

A short introduction to how the Studio works, who it's for, and what you'll walk away able to show. Watch this first, then explore the build below.

A certificate says you studied.
A degree says you studied.
A portfolio shows how you think.

Many people want to move into GRC, compliance, risk, vendor risk, or IT audit. They take courses. They watch videos. They collect notes. But when a hiring manager asks, β€œCan you show me something you have done?” they have nothing practical to open.

This Studio helps you build that proof.

The story you work inside

One company. One story. One connected portfolio.

Inside the Studio, you become the first GRC analyst for TechFlow Solutions, a realistic cloud company with healthcare and financial services clients.

TechFlow has sensitive data, vendors, access issues, missing policies, audit pressure, and customers asking for security proof. Your job is to help it move from informal security practices to a structured, evidence-based GRC program.

Every artifact is built around the same case, so your portfolio tells one clear story instead of looking like disconnected worksheets.

The TechFlow brief

01Cloud analytics platform on AWS, ~150 clients across healthcare, financial services, and enterprise
02Holds PHI, financial records, card data, and customer PII β€” with no data classification
03Seven vendors, none security-checked; optional client sign-in; no written policies
04Clients demanding SOC 2 proof and HIPAA assurance β€” and no GRC program yet
Listen Β· 5 min

Why your portfolio comes first

Where your work fits in the real GRC workflow β€” and why proof beats paper, straight from the course.

What you will build

Eleven artifacts, threaded into one portfolio

Follow the golden thread β€” each piece connects to the next, exactly the way an auditor reads a real program.

01Risk Register with Treatment PlanCapstone
02Control MappingControls
03Statement of ApplicabilityISO 27001
04Vendor Risk ReviewThird-party
05Policy PackGovernance
06Audit Evidence TrackerEvidence
07Control Testing WorksheetAssurance
08Remediation TrackerFollow-up
09Executive GRC SummaryReporting
10Resume & LinkedIn RefreshCareer
11Interview Story BankCareer
How the Studio works

A self-paced, portfolio-building program β€” with the option to present your work for feedback

You have short lessons, templates, worked examples, and clear instructions, and you complete the work on your own schedule. Cohort members can also present their portfolio and receive instructor feedback.

01

Learn on your schedule

Short lessons, templates, and worked examples, organized week by week. About one hour of video, then several hours of building β€” no fixed lecture times.

02

Build the artifacts

Every task produces a real GRC deliverable, all built around the TechFlow case so your portfolio reads as one connected story.

03

Present your work for feedback

Cohort members present their portfolio in optional review sessions β€” not weekly lectures. Get instructor feedback, see how others approached the work, and practice explaining your artifacts like an analyst.

What you will be able to show

Open your portfolio and walk through the work

That is the difference between saying β€œI took a course” and saying β€œHere is the work I can do.”

How you assessed risk

How you mapped controls

How you completed a Statement of Applicability

How you reviewed a vendor

How you wrote security policies

How you collected and tested audit evidence

How you tracked remediation

How you summarized the program for leadership

Why ISO alignment matters

Your portfolio speaks the language real organizations use

Aligned to ISO/IEC 27001:2022 β€” one of the most recognized information security management standards in the world β€” with control logic supported by ISO/IEC 27002. Your work follows the structure of the standard itself:

Clause 4 Β· Context Clause 5 Β· Leadership Clause 6 Β· Risk planning Clause 7 Β· Support Clause 8 Β· Operation Clause 9 Β· Evaluation Clause 10 Β· Improvement Annex A Β· Controls

Optional ISO Foundation path

The Studio is not an exam prep course. But the work gives you practical exposure to how an information security management system is structured.

After the Studio, students who want a recognized credential may choose to pursue an ISO/IEC 27001 Foundation exam separately. Your portfolio shows you can apply the concepts in practical GRC work.

This course does not make you ISO-certified or PECB-certified. It helps you build practical, ISO-aligned portfolio proof.

Portfolio first. Certification second.
Is this for you?

Built for doers, not spectators

This Studio is for you if…

  • βœ“You want to move into a non-coding cybersecurity role
  • βœ“You are interested in GRC, compliance, risk, vendor risk, or IT audit
  • βœ“You are busy and need a flexible, self-paced structure
  • βœ“You have certificates but still nothing practical to show
  • βœ“You are a recent graduate who needs proof beyond a degree
  • βœ“You have experience in IT, healthcare, finance, audit, admin, military, or compliance
  • βœ“You can commit 5 to 7 hours per week to building the portfolio

This is not for you if…

  • βœ•You want weekly live lectures
  • βœ•You want someone to do the work for you
  • βœ•You are only looking for exam prep
  • βœ•You want a purely technical cybersecurity course
  • βœ•You cannot complete weekly artifacts
  • βœ•You are looking for an ISO certification issued by this program
A word from Dr. Shumba

β€œI built this Studio for people who are ready to move.”

You may be working, raising a family, or in a different time zone. You may have taken courses, watched videos, earned certificates β€” and still feel like you have nothing strong enough to show an employer. I understand that.

GRC is one of the most practical non-coding paths into cybersecurity, but you need more than motivation. You need proof. That is why this Studio is built around doing. Five weeks from now, you should be able to open your portfolio and show the work.

Dr. Rose Shumba

Cybersecurity Educator & Computing Professor

More than 20 years preparing students and professionals for technology careers. She has led cybersecurity and computing programs, developed student success pathways, and helped learners translate technical knowledge into career opportunities.

Holds the PECB ISO/IEC 27001 Foundation credential. Created this Studio to help learners build practical GRC proof.
Founding Cohort Β· August

Join at the founding price

Both prices below are Founding Cohort pricing for the August launch β€” they go up for the next cohort. Join now to lock in the lowest rate.

Self-Study

Everything you need to build it on your own
$297
  • All 28 video lessons
  • Downloadable Excel & Word templates
  • Module podcasts and completion badge
  • Full portfolio build instructions
  • No office hours or instructor feedback
Get Self-Study Access
Questions

Frequently asked

Is this live or self-paced?

The Studio is self-paced. Each week includes lessons, templates, examples, and instructions. The live sessions are optional review and practice sessions.

Do I have to attend the live sessions?

No. You can complete the Studio through the self-paced lessons and templates. To earn the badge, you must complete either a live or recorded final presentation.

Will every artifact be reviewed one-on-one?

This is not weekly one-on-one coaching. You receive templates, worked examples, checklists, and optional group review sessions. Final portfolio review is tied to badge completion.

Do I need a technical background?

No. You need basic computer and spreadsheet skills, attention to detail, and time to complete the work.

Is this an ISO certification course?

No. The Studio does not issue ISO or PECB certification. It helps you build ISO-aligned GRC portfolio artifacts.

Can I take an ISO Foundation exam after this?

Yes, that is an option. The exam is separate from the Studio and must be purchased through the exam provider. The Studio gives you practical exposure to the structure of an information security management system.

How much time should I plan each week?

Plan for 5 to 7 hours per week. Most weeks include about one hour of video and several hours of artifact-building.

Can I share my portfolio publicly?

Yes, but only share polished PDFs. Do not include private information, real employer data, copyrighted ISO text, or anything that looks confidential.

You do not need another course you cannot show

You need proof.

Five weeks from now, you can have a complete GRC portfolio that shows how you assess risk, map controls, review vendors, write policies, test evidence, track remediation, and brief leadership.

Join the August Cohort
GRC Portfolio Studio
Iron sharpens iron.