Most cybersecurity courses do not make you hireable
A lot of entry-level cybersecurity training still leans too hard on
theory and too lightly on real work, leaving people unable to explain
risk, support audits, or maintain useful security artefacts inside
a real business.
This programme trains you to do the actual job
You will practise the tasks junior GRC analysts are expected to
handle in growing organisations and leave with work you can
discuss credibly in interviews.
Core analyst skills
- Identify and describe risks clearly
- Build and maintain a risk register
- Understand ISO 27001 and how an ISMS works
- Map risks to controls
Practical delivery skills
- Draft a Statement of Applicability
- Assess vendor risk
- Collect and review audit evidence
- Write clear findings and recommendations
Realistic, hands-on learning
You work inside the fictional but realistic FinSure Payments Ltd
scenario and respond to incidents, assess risks, review controls,
evaluate vendors, and prepare for audit.
Portfolio-first design
Every major week produces artefacts you can keep and discuss in
interviews, including a risk register, SoA, policy, audit
findings, and a full capstone assessment pack.
Designed for beginners
You do not need to be a penetration tester, cloud engineer, or
compliance specialist to start. The structure is built for people
entering GRC for the first time.
A strong fit if you are
- Trying to break into cybersecurity through a realistic path
- Moving from IT, audit, compliance, or operations
- A student or graduate who wants practical portfolio work
- Early in your cybersecurity career and interested in GRC
Probably not for you if you want
- Deep technical offensive security training
- Certification cram content only
- Advanced senior-level governance strategy
Week 1 — Foundations of GRC & Risk
Understand governance, risk, compliance, and how to write clear risk statements.
Week 2 — Threats, Breaches & Why Security Fails
Break down incidents, control failures, and real business impact.
Week 3 — ISO 27001 & ISMS Core
Understand how organisations structure security through an ISMS and what ISO 27001 is asking for.
Week 4 — Controls, Policies & SoA
Learn how risks connect to controls, policies, and the Statement of Applicability.
Week 5 — Risk Register & Risk Assessment
Build one of the most important artefacts in GRC: a practical risk register.
Week 6 — Third-Party Risk & Vendor Due Diligence
Assess vendors, identify external risk, and make risk-based decisions.
Week 7 — Audit, Evidence & Assurance
Learn how controls are tested, how evidence works, and how findings are written.
Week 8 — Capstone Project
Bring everything together in a full GRC assessment for FinSure Payments Ltd.
Portfolio artefacts
A professional risk register, a Statement of Applicability, a short security policy, and audit findings with recommendations.
Interview evidence
Outputs designed to help you speak credibly about entry-level GRC work and show employers how you think.
Job-ready framing
Practical understanding of business risk, audit support, ISO 27001 readiness, and security governance delivery.
Employers need junior analysts who can communicate clearly, organise
evidence, understand risk in business terms, support audits, and
contribute to ISO 27001 and governance work. That is exactly what
this programme is designed to develop.
GRC as Code Lab
A governance engineering prototype that turns infrastructure
findings into control outcomes, risk scoring, evidence, and
executive reporting.
Company Direction
Calm Resilience Security Ltd is positioned around practical
assurance, resilient security design, and governance that holds
up in real operations.
Private Training Track
Curriculum, templates, capstones, and learner materials are
intentionally separated into a private repository.
Public-safe company summaries live here. Delivery assets stay private
in grc-analyst-launchpad.
Built by a cybersecurity and GRC practitioner with real-world
experience across ISO 27001, cloud security, enterprise risk, audit
support, and third-party risk in modern technology environments.
This is not generic course content. It is designed around how
security governance actually operates inside growing companies.
Launch Offer
For a limited time, the Guided programme is available at the
Self-Paced price.
This is an early cohort offer as we refine the programme with our
first group of learners.
Self-Paced
Access the full 8-week programme, templates, and capstone materials.
Guided — Most Popular
Everything in Self-Paced, plus structured feedback on your work.
Launch Offer: £99 (normally £249)
Available for the first cohort only.
Premium
Everything in Guided, plus direct review, coaching, and interview support.
Do I need a technical background?
No. This programme is designed to be accessible to beginners and career switchers.
Is this only for people pursuing ISO 27001 roles?
No. It is broader than ISO and prepares you for junior GRC, security analyst, risk, audit-adjacent, and ISMS support roles.
Will I get templates and practical materials?
Yes. Templates and structured materials are built into the programme so you can produce professional outputs.
Is there a capstone project?
Yes. The capstone is a full GRC simulation based on FinSure Payments Ltd.
Can I use the final work in interviews?
Yes. The programme is designed to give you portfolio-quality outputs you can discuss with employers.
Final Call To Action
Become a job-ready GRC analyst.
Learn the fundamentals, build real artefacts, and develop practical
skills that employers actually value.