Welcome to the GRC Analyst Practical Projects Platform! You will assume the role of a GRC Analyst at NexusGuard Technologies Ltd., a cloud-based SaaS company headquartered in Dubai with offices in London and New York (450 employees, USD 85M revenue). The company operates two platforms: NexusHealth Pro (healthcare EHR serving 2.5M patients) and NexusFinance Shield (financial compliance for 45 banks). NexusGuard must comply with ISO 27001:2022, HIPAA, PCI DSS v4.0, GDPR, and NIST CSF. You will also use Eramba GRC Community Edition (grc.cybersecurity365.net) as an enterprise GRC tool for 14 lab assignments. This course contains 62 activities across 4 milestones. Review all materials in this section before starting.

Build the governance foundation for NexusGuard Technologies. Create a governance framework, information security policies, an asset register, access control procedures, data classification scheme, committee charters, KPI frameworks, RACI matrices, security awareness programs, and SOPs. Then apply your knowledge in 5 Eramba lab exercises covering Program setup, Organization & Asset review, Policy lifecycle, Policy exceptions, and Controls catalog. Finish with the Governance Knowledge Check quiz.

Contains 19 activities. Grading Weight: 22%.

Conduct 8 risk assessments across different scenarios: IT infrastructure, ransomware threats (BlackVault group), cloud migration, M&A integration (PayStream Analytics acquisition), insider threats, third-party vendor risks, data breach post-mortem, and business continuity. Create incident management policies and vulnerability management programs. Then apply in 4 Eramba labs covering asset risk analysis, third-party risk management, business risk & exceptions, and security incident management.

Contains 19 activities. Grading Weight: 28%.

Perform compliance assessments against 5 major frameworks: ISO 27001:2022 (gap assessment, SoA, internal audit, management review), GDPR (compliance assessment, DPIA, data subject rights), NIST CSF 2.0, HIPAA (Security Rule assessment, risk analysis), and PCI DSS v4.0 (gap assessment, SAQ). Conduct cross-framework control mapping, build compliance dashboards, develop internal audit programs, manage corrective actions, and assess IoT security. Then apply in 4 Eramba compliance labs.

Contains 23 activities. Grading Weight: 28%.

Compile your complete GRC Program Status Report and Executive Board Presentation covering all governance, risk, and compliance work. Generate comprehensive reports from every Eramba module you populated throughout the course. Prepare for your GRC career with mock interviews (foundations and advanced) and build a professional portfolio including a tailored CV, LinkedIn plan, certification roadmap (CISM, CRISC, ISO 27001 LI/LA), and 90-day new role plan.

Contains 5 activities. Grading Weight: 22%.

Download templates, reference documents, standards summaries, and mock company data from here. These files are referenced throughout the course assignments and are required for completing your deliverables.

Available templates include: Information Asset Register, Risk Register, RACI Matrix, Policy Template, Outdated IS Policy (for G-02 gap analysis exercise), and all compliance framework worksheets.

Access credentials, setup guides, naming conventions, and mock data inventory for the Eramba GRC Community Edition platform at grc.cybersecurity365.net. Review ALL materials in this section before starting any Eramba lab assignment (assignments prefixed with E-).

• URL: https://grc.cybersecurity365.net
• Credentials: Sent to your registered email by the instructor
• Naming Convention: ALL records you create must follow STUDENTXX_[ItemType]_[Name] (e.g., STUDENT01_Risk_Phishing)
• Important: You can VIEW existing mock data but CANNOT modify it. You can only see records YOU created.
• Do NOT delete records — contact the instructor if you make a mistake