Module 1
GRC Core Foundations
Understand what GRC is, how governance, risk, and compliance work together, and master the core vocabulary every interviewer tests.
~90 min
0% complete
GRC Track
Thirteen modules. 51 lessons. Taught by ZEN.
Course content last reviewed: June 2026.
All content reflects standards and frameworks as of June 2026, including PCI DSS 4.0.1, NIST CSF 2.0, ISO 27001:2022, and NIST AI RMF 1.0.
Module 2
NIST Cybersecurity Framework 2.0
Master the six functions, the four tiers, profiles, and how to run a gap assessment.
~60 min
0% complete
Module 3
NIST AI Risk Management Framework
Understand AI-specific risk: Govern, Map, Measure, Manage, plus bias, transparency, and explainability.
~45 min
0% complete
Module 4
ISO 27001
Master the ISMS, the Annex A controls, and the Statement of Applicability.
~75 min
0% complete
Module 5
SOC 2
Master the five Trust Services Criteria and the difference between Type I and Type II.
~55 min
0% complete
Module 6
PCI DSS
Master the 12 requirements, the merchant levels, and QSA, SAQ, and ROC.
~65 min
0% complete
Module 7
SOX ITGC
Master IT General Controls, segregation of duties, and change management.
~50 min
0% complete
Module 8
HIPAA and HITECH
Master the three rules and the three safeguards.
~50 min
0% complete
Module 9
HITRUST
Understand the HITRUST CSF and why healthcare vendors pursue it.
~30 min
0% complete
Module 10
Third-Party Risk Management
Master the vendor lifecycle and the SIG and CAIQ questionnaires.
~55 min
0% complete
Module 11
Vulnerability Management
Master CVE, CVSS, the CISA KEV list, EPSS, and risk-based patching.
~40 min
0% complete
Module 12
Cloud and Modern Security
Master the shared responsibility model, Zero Trust, and identity and access management.
~50 min
0% complete
Module 13
Interview Mastery
Walk into any GRC interview calm and confident.
~45 min
0% complete