A GRC guy at heart, with CISO aspirations; offered a duel-hatted Senior GRC and junior DEVOPS role…is breaking into DEVOPS worth it?

Currently, I run what is essentially a small GRC and technical-security shop for a quite large (relative)…we’ll call it O&M, program of about 5-6000 users. I spend most of my day examining and mitigating cyber risk, making NIST-derived policy and operational decisions, juxtaposing cybersecurity compliance with budgetary and operational requirements, and guiding the ISSO team to accredit our systems. I *particularly* enjoy the ‘politicking’ of GRC, specifically helping seniors make security-forward decisions with respect to both overall cybersecurity hygiene against …

amp breaking call ciso cyber cyber risk cybersecurity devops grc heart large making nist program relative risk role run security shop technical what is