Masterclass Governance, Risk & Compliance (GRC)

4 days Classroom Nederlands

Sharpest price in just 2 steps

Requesting more information and/or the current price of this training is easy. We take into account any ongoing promotions, subsidies, or relationship discounts.

Why Masterclass Governance, Risk & Compliance (GRC) at TSTC?

Exclusive in-house developed Masterclass specifically for experienced CISOs, Privacy Managers, Risk Managers, Compliance Officers, etc.
Lessons from top trainers: practical experience from Dutch-speaking experts who provide you with knowledge and support in job-related competencies.
Unique combination that contributes to the development of relevant soft and hard skills.
Concrete result of the training: a ready-to-use individual action plan for improving GRC results in your organization.
TSTC is the Dutch specialist in training in (cyber)security and information security with a program of over 50 different titles. We have a passion for security and education and our entire team does everything possible to help you achieve your learning goals!

Training Summary

Training Language:

Nederlands
Duration:

4 days
Category:

Information Security (Tactical & Strategic)

IT other

Compliance & (IT) Risk

Description

The number of laws and regulations that organizations must comply with in the field of privacy and security is steadily increasing. With the accompanying stricter controls on how data is handled, there is a significant need for a structured approach that mitigates risks, takes into account internal and external laws and regulations, and initiates (governance) processes that contribute to achieving organizational goals. Where these activities were often approached in isolation in the past, Governance, Risk & Compliance (GRC) must provide the solution to no longer react ad hoc to new regulations, a data breach, cyberattacks, or findings from an audit. GRC, supported by GRC tooling, promises a synchronous approach to three areas, which should lead to more effective and efficient business operations.

Unfortunately, the reality in the field of security and privacy is not always as positive or streamlined. Tools provide outcomes and points of attention, but do not automatically solve the problems that are often hidden deeper within an organization (structure). When GRC is part of your work, you may be dealing with one or more of the following issues:

Risk management and compliance are seen as a problem for the Information Security officer, Risk manager, or Privacy Officer. The first line does not feel ownership for the risks.
Information Security and Privacy (IB&P) and/or Risk are considered subordinate by senior management compared to other organizational goals. Prioritization is low and commitment is fragile.
Tools provide outcomes and advice, but time and/or organizational structure hinder proper follow-up.
IB&P and Risk management are primarily driven by incidents and ad hoc solutions. Due to the workload, there is little time to work towards structural solutions.
IB&P is assigned as an extra role on top of other activities within your function, resulting in tight staffing and limited effectiveness.
In larger processes involving multiple organizational units, everyone looks to each other. Improvement points keep recurring because no one resolves them due to a lack of ownership.
Advice is not or only partially followed up. For example, because concerns are not understood by the management. Control measures are implemented on paper, but the situation remains the same.
In communication within the organization, IB&P and Risk seem to be of subordinate importance to other themes. Only when current events demand it, is an active stance temporarily adopted.

In this 4-day Masterclass GRC, we help you tackle these problems, streamline GRC in your organization, and equip you with sufficient skills to play a central role in this. In addition to the hard skills required for this, this training distinguishes itself by also paying a lot of attention to improving the soft skills/personal skills needed for a successful implementation and maintenance of GRC. After the training, you will return to your workplace with a ready-made action plan that you have developed during the training for your own organization.

Certification

There is no exam associated with this Masterclass. However, you will receive a participation certificate indicating the number of training hours completed. This certificate can be used, for example, to earn (C)PE points to maintain an existing security or privacy certification.

Training Requirements

CISO's, Security Managers, Riskmanagers, Compliance Officers, Privacy Officers, GRC specialisten.
Om succesvol deel te kunnen nemen aan deze training op HBO/WO niveau, dien je over de onderstaande voorkennis te beschikken. Mocht je hier nog niet aan voldoen, dan zou je kunnen overwegen eerst onze C|CISO training te volgen:
(Basis) kennis van de AVG
(Basis) kennis van Security (BIO/ISO27001)
(Basis) kennis van Riskmanagement (ISO31000/COSO-ERM)
Ervaring met adviseren op medior en senior kader niveau.

Materials

Een map met daarin de afgedrukte slides, handig om aantekeningen bij te maken tijdens de Masterclass.

Training Content

Interpretatie GRC begrippen/terminologie

Positioneren voorkennis

Relaties tussen de domeinen Governance, Risk & Compliance

Identificatie van strategische dilemma’s

Modellen voor (be)sturing

Identificatie volwassenenheid

Stakeholdermanagement

Sturing tussen strategisch, tactisch en operationeel

Risk- en compliance modellen

Frameworks voor de beheersing

Oefenen met werking van frameworks

Relatie leggen tussen frameworks en sturing

Compliance thema’s van security en privacy laten aansluiten op de praktijk

Oefeningen toepassen compliance normen

Operationaliseren van frameworks (implementatie)

Methode voor vaststellen compliance met behulp van technieken voor toetsing/audit

Oefeningen toetsen en bijsturen

Integraal toepassen van de rollen binnen het GRC domein

Testen van de toepasbaarheid van de opgedane kennis voor de praktijk van je eigen organisatie

Description

Risk management and compliance are seen as a problem for the Information Security officer, Risk manager, or Privacy Officer. The first line does not feel ownership for the risks.
Information Security and Privacy (IB&P) and/or Risk are considered subordinate by senior management compared to other organizational goals. Prioritization is low and commitment is fragile.
Tools provide outcomes and advice, but time and/or organizational structure hinder proper follow-up.
IB&P and Risk management are primarily driven by incidents and ad hoc solutions. Due to the workload, there is little time to work towards structural solutions.
IB&P is assigned as an extra role on top of other activities within your function, resulting in tight staffing and limited effectiveness.
In larger processes involving multiple organizational units, everyone looks to each other. Improvement points keep recurring because no one resolves them due to a lack of ownership.
Advice is not or only partially followed up. For example, because concerns are not understood by the management. Control measures are implemented on paper, but the situation remains the same.
In communication within the organization, IB&P and Risk seem to be of subordinate importance to other themes. Only when current events demand it, is an active stance temporarily adopted.

Certification

Training Requirements

CISO's, Security Managers, Riskmanagers, Compliance Officers, Privacy Officers, GRC specialisten.
Om succesvol deel te kunnen nemen aan deze training op HBO/WO niveau, dien je over de onderstaande voorkennis te beschikken. Mocht je hier nog niet aan voldoen, dan zou je kunnen overwegen eerst onze C|CISO training te volgen:
(Basis) kennis van de AVG
(Basis) kennis van Security (BIO/ISO27001)
(Basis) kennis van Riskmanagement (ISO31000/COSO-ERM)
Ervaring met adviseren op medior en senior kader niveau.

Materials

Een map met daarin de afgedrukte slides, handig om aantekeningen bij te maken tijdens de Masterclass.

Training Content

Interpretatie GRC begrippen/terminologie

Positioneren voorkennis

Relaties tussen de domeinen Governance, Risk & Compliance

Identificatie van strategische dilemma’s

Modellen voor (be)sturing

Identificatie volwassenenheid

Stakeholdermanagement

Sturing tussen strategisch, tactisch en operationeel

Risk- en compliance modellen

Frameworks voor de beheersing

Oefenen met werking van frameworks

Relatie leggen tussen frameworks en sturing

Compliance thema’s van security en privacy laten aansluiten op de praktijk

Oefeningen toepassen compliance normen

Operationaliseren van frameworks (implementatie)

Methode voor vaststellen compliance met behulp van technieken voor toetsing/audit

Oefeningen toetsen en bijsturen

Integraal toepassen van de rollen binnen het GRC domein

Testen van de toepasbaarheid van de opgedane kennis voor de praktijk van je eigen organisatie

I am taking this next step in my lifelong learning journey.

What Can I Learn After The Masterclass Governance, Risk & Compliance (GRC)?

Knowledge of control principles.
Strengthening organizational sensitivity by linking integral organizational objectives to current dilemmas.
Relevant integral advising.
Tailoring control frameworks to your organization's needs and desires.
Improvements for the fields of IB&P and Risk Management translated into a comprehensive improvement plan that aligns with organizational objectives.
Apply methods and techniques to conduct a thorough control or audit.

The ability to map your own organization onto different risk and governance models.
Increasing management involvement through stakeholder management, case discussions, and practical exercises.
Models for risk, governance, and maturity aligned at the boardroom level.
Encourage your medior or senior staff to more effectively follow your advice.
Supporting the organization in the implementation of compliance themes.
Deliver relevant information to your stakeholders in appropriate reports.

Stronger persuasion through the use of appropriate methods and stakeholder management in your advisory role.
Perform analyses at senior management level (strengthen the distinction between main and secondary issues).
Projecting a maturity model onto your organization and knowing the necessary steps to advance your organization to the next phase.
Identifying and organizing ambiguities in tasks, responsibilities, and authorities.
The development of a control and audit plan that provides management assurance regarding the level of compliance with relevant laws and regulations.
Articulating a multi-year vision for your field of work.

Schedules

This training is scheduled as follows in the coming period. Missing a date? Feel free to contact us.

Date: 15 - 18 juni 2026

Location: TSTC Veenendaal - Klassikaal

Price: € 3.500,- ex BTW

Date: In overleg

Location: —

Request current price

Learning paths

This training can also be taken as part of the below learning path(s). If you want to follow multiple titles from a learning path, please contact our advisors for a suitable bundle offer.

Expert

Intermediate

Fundamentals