{"id":44,"date":"2026-05-05T15:21:13","date_gmt":"2026-05-05T15:21:13","guid":{"rendered":"https:\/\/student.wp.odu.edu\/jdick043\/?page_id=44"},"modified":"2026-05-05T15:21:13","modified_gmt":"2026-05-05T15:21:13","slug":"cybersecurity-professional-career-paper","status":"publish","type":"page","link":"https:\/\/student.wp.odu.edu\/jdick043\/cyse-201s\/cybersecurity-professional-career-paper\/","title":{"rendered":"Cybersecurity Professional Career Paper"},"content":{"rendered":"\n

Cybersecurity Professional Career Paper: Governance Risk and Compliance Analyst<\/strong><\/p>\n\n\n\n

James Dickinson
Department of Cybersecurity, Old Dominion University
CYSE 201S: Cybersecurity and the Social Sciences
Instructor name: Diwakar Yalpi
Date: 4\/16\/2026<\/p>\n\n\n\n

Introduction<\/strong>
Within the cybersecurity profession, there are various roles; some analyze traffic, some conduct penetration tests, and others are responsible for the governance of these operations and their implementation within an organization. Those responsible for governance are under the Governance, Risk, and Compliance profession umbrella. Specifically, this paper will examine the role of the GRC Analyst. A GRC Analyst is responsible for the oversight and management of an organization’s policies and their compliance with regulations. A GRC Analyst can be seen as the middleman between regular cybersecurity roles, like a SOC analyst, and the political executives of an organization. With this, they must align decisions regarding technological operation and security with the best business outcome and performance, melding the goals of businessmen and cybersecurity professionals. This is extraordinarily important as almost every organization must have some kind of cybersecurity measures, but the goals of a security professional and a businessman don\u2019t necessarily align, as one wants to use the least to make the most money, which often comes with downfalls like fewer resources being implemented into secure practices. That’s why the GRC Analyst role is so crucial, as they are what allows organizations to ensure both security and business performance. This paper, as previously stated, will provide an overview of the GRC analyst role, but it will also provide an understanding of the heavy implications of social sciences in the GRC analyst role.
Social science principles
<\/strong>Cybersecurity research and political science research have not been directly related very much in the past, and with that, the human factor has become one of the least touched upon factors relevant to its importance in comparison to other factors that get much more attention, like security patching (Dalal et al., 2021). Today, many cybersecurity attacks aren\u2019t done by exploiting computers, but rather by exploiting humans via social engineering. With this, most data breaches are actually the result of human workers’ shortcomings and the exploitation of said shortcomings. That’s why the importance of understanding social science is becoming so paramount, as many of the solutions for data breaches today start with the human factor and the social sciences that provide an understanding of said factor. With this, the consideration of human factors and the understanding of social science have become deeply integrated within cybersecurity practices today. For example, one of the most common solutions to the vulnerability of the human factor is security awareness training. Most corporate workers and students likely have experience with these trainings, as most GRC roles within organizations have realized that the human factor is perhaps the most vulnerable.
Application of Key Concepts
<\/strong>The GRC analyst role utilizes a myriad of different concepts covered in this class, such as the consideration and utilization of the human factor, determinism, ethical neutrality, and sociology. A GRC analyst must have an understanding of all of these concepts in order to cohesively integrate the worlds of cybersecurity and business. The human factor is one of the most important factors to consider for a GRC analyst, as this is what they must consider when implementing any type of policy for the organization’s workers. An example of a GRC analyst’s application of this is security awareness training, which is a security insurance that directly addresses the vulnerabilities of the human factor. Determinism is another crucial concept that lies at the foundation of the GRC analyst role. Part of a GRC analyst\u2019s responsibilities is to analyze, assess, and make implementations based on risk. To do this, one must look at the factors or vulnerabilities that result in this risk and how to manipulate these factors in order to mitigate said risk. Maintaining ethical neutrality is actually something a GRC analyst must do at all times. A GRC analyst must make judgments and decisions regarding policies that may affect many people’s lives, so it is just as important for a GRC analyst to maintain ethical neutrality as it is for a politician. For example, when an analyst conducts a policy risk assessment with their organization’s device monitoring policies, and they disagree with the level of privacy the organization is providing its users, they must make an objective decision that aligns with risk levels and compliance, despite their own opinions. Finally, a GRC analyst must have a very good understanding of sociology. A GRC analyst must manage social problems that may arise during managerial duties of getting workers to want to follow rules, as well as operate within the organization’s and government\u2019s policies. This requires an understanding of the differing social paradigms of various demographics in order to create a medium of understanding required for managing the risks and policies of these groups.
Marginalization
<\/strong>In many marginalized groups, people have lower levels of access to technologies, education, and other resources. This results in a lack of security practices, familiarity with cyberspace, and a lower ability to recuperate after attacks like identity fraud or theft (Chattopadhyay et al., 2024). This lack of access then results in cybersecurity being a low area of focus in those communities, despite the fact that cybersecurity affects those communities about as much. For example, an organization with remote workers must reconsider its policy to require an HQ VPN if the remote workers’ area doesn\u2019t offer sufficient broadband support. To overcome the obstacles in the way of ensuring cybersecurity within marginalized communities is the tailoring of cybersecurity laws and policies to the unique needs of those communities to ensure security (Chattopadhyay et al., 2024). These issues can also be seen as vulnerabilities, and attackers absolutely do see them as that; as a result, these communities are in a very vulnerable state. An example of this tailoring is the proposed solution to combat bias in algorithms, and that us conductiung audits and reviews of things like algorithm databases to ensure they\u2019re representative, and do not misrepresent marginalized groups (Wang et al., 2024). This misrepresentation is a major challenge faced by analysts and policymakers as it skews the data. This bias can also be present within GRC analysts, as there is a major underrepresentation in that field, with most of the analysts being men. To combat this, DEI initiatives have been implemented that incentivize a more equal representation of people within corporate America.
Career Connection to Society
<\/strong>GRC analysts serve as a backbone to the stability of societal infrastructure in cybersecurity. They directly protect systems like banks and healthcare systems by implementing and ensuring the secure cyber operations of systems that society relies upon. They do this by ensuring their organization complies with security standards and ensuring that implemented policies take cybersecurity into account. Without GRC analysts, cybersecurity likely wouldn\u2019t be at the forefront of policy, with business performance being the larger concern. This is due to the fact that societal interests and paradigms are some of the major factors that influence a GRC analyst’s actions, with a dynamic relationship between the role and society being a foundation of the operability of this role. HIPAA is a regulation that ensures the privacy of patients within the American health care system, and a major part of a GRC analyst’s role in a hospital would be to ensure the hospital’s compliance with this regulation. This public policy, as well as other security standards, is actually one of the focal points of these analysts, as their objective with it is to make sure their organization is meeting the requirements of this public policy. This is for the greater good of the public, as a secure standard is crucial for a secure society.
Scholarly Journal Articles
<\/strong>Dalal, R. S., Howard, D. J., Bennett, R. J., Posey, C., Zaccaro, S. J., & Brummel, B. J. (2021). Organizational science and cybersecurity: abundant opportunities for research at the interface. Journal of Business and Psychology, 37(1), 1\u201329. https:\/\/doi.org\/10.1007\/s10869-021-09732-9
This article was focused on the human factor, its lack of research, the human factors’ relevance to cybersecurity, and the interplay between cybersecurity behavior\/culture and organizational policy. The human factor is very relevant and important to GRC analysts, and this article on that factor and its implications is the scope in which GRC analysts will also view solutions to problems they may encounter.<\/p>\n\n\n\n

Chattopadhyay, A., Carvajal, R., Chaganti, V., Venkatagiri, S., & Swarthmore College. (2024). Where are Marginalized Communities in Cybersecurity Research? USENIX. https:\/\/www.usenix.org\/system\/files\/soups2024_poster56_abstract-chattopadhyay_final.pdf
This source directly supports this paper’s analysis of marginalized groups by reviewing their underrepresentation within, and lack of access to, cybersecurity and technology. It also reviews the digital divide and the technological disparities that these marginalized communities experience and identifies them as key areas of focus.<\/p>\n\n\n\n

Wang, X., Wu, Y. C., Ji, X., & Fu, H. (2024). Algorithmic discrimination: examining its types and regulatory measures with emphasis on US legal practices. Frontiers in artificial intelligence, 7, 1320277. https:\/\/doi.org\/10.3389\/frai.2024.1320277
This source was a great contribution to my understanding of the societal implementation of the GRC analyst role in algorithmic racial bias and how GRC analysts have the ability to help mitigate this. This provided an overview of the topic and the implications of it within society, allowing for the connection of the social principles within the article, the policies regarding them, and the cybersecurity profession reviewed in this paper in order to create an understanding of the cohesive interplay between these different fields.<\/p>\n\n\n\n

Hopkins, C. F. K. U. T. (2024, August 30). Hack The Cybersecurity Interview – Second edition. O\u2019Reilly Online Learning. https:\/\/learning.oreilly.com\/library\/view\/hack-the-cybersecurity\/9781835461297\/Text\/Chapter_07.xhtml#_idParaDest-77<\/p>\n","protected":false},"excerpt":{"rendered":"

Cybersecurity Professional Career Paper: Governance Risk and Compliance Analyst James DickinsonDepartment of Cybersecurity, Old Dominion UniversityCYSE 201S: Cybersecurity and the Social SciencesInstructor name: Diwakar YalpiDate: 4\/16\/2026 IntroductionWithin the cybersecurity profession, there are various roles; some analyze traffic, some conduct penetration… Continue Reading →<\/a><\/p>\n","protected":false},"author":32004,"featured_media":0,"parent":13,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/student.wp.odu.edu\/jdick043\/wp-json\/wp\/v2\/pages\/44"}],"collection":[{"href":"https:\/\/student.wp.odu.edu\/jdick043\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/student.wp.odu.edu\/jdick043\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/student.wp.odu.edu\/jdick043\/wp-json\/wp\/v2\/users\/32004"}],"replies":[{"embeddable":true,"href":"https:\/\/student.wp.odu.edu\/jdick043\/wp-json\/wp\/v2\/comments?post=44"}],"version-history":[{"count":1,"href":"https:\/\/student.wp.odu.edu\/jdick043\/wp-json\/wp\/v2\/pages\/44\/revisions"}],"predecessor-version":[{"id":45,"href":"https:\/\/student.wp.odu.edu\/jdick043\/wp-json\/wp\/v2\/pages\/44\/revisions\/45"}],"up":[{"embeddable":true,"href":"https:\/\/student.wp.odu.edu\/jdick043\/wp-json\/wp\/v2\/pages\/13"}],"wp:attachment":[{"href":"https:\/\/student.wp.odu.edu\/jdick043\/wp-json\/wp\/v2\/media?parent=44"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}