[gt_grc]

I don't have any other recommendations for studying, but as someone who made the transition from IT to GRC, I can offer some advice about getting practical experience.

A Big Four firm is a good place to get started in a GRC career. You'll get pretty broad exposure to the field, and you'll have the opportunity to develop expertise in specific GRC domains.

If you're already working in a regulated industry (especially for a publicly traded company), you may be able to move into a GRC position at your present company. Compliance, internal audit, third party risk management, business continuity/resiliency and disaster recovery are common areas that fall under the broad GRC umbrella.

I worked in various IT roles at a financial services company, and I was able to move into a risk analyst role, then I went to a Big Four firm, and I'm now back in industry.

As far as certs go, CRISC, CISA and CISSP are the most common I've seen among GRC folks, although most of the people I've worked with didn't have any of them.