Learn GRC by doing.
A friendly, hands-on way to build real governance, risk, and compliance skills — one scenario at a time.
What's inside
Everything you need to learn GRC, prep for the job, and do the job — in one place.
Structured learning paths
Curated paths by domain and skill level — from GRC fundamentals through to specialist governance and security tracks.
Job paths
Targeting a role like GRC Analyst, IT Auditor, or Privacy Ops? Job paths bundle the modules that map to it.
Scenario practice
Draft real deliverables in realistic scenarios and get AI feedback on your reasoning and control design.
Case studies
Short governance narratives with guided questions that strengthen professional judgment.
GRC Coach
An AI coach that learns your goals and experience and suggests what to study next — ask anything GRC.
XP, certificates & leaderboard
Earn XP for every module, climb the leaderboard, and download a certificate when you finish a path.
Land the role, pass the exam
Targeted prep for interviews, certifications, and the conversations you'll actually have on the job.
Interview Prep
Realistic GRC interview questions across 17 roles, by category and difficulty, with AI-graded feedback and model answers.
Exam Prep
Domain-by-domain practice questions for 57+ certifications — CISA, CISM, CRISC, CISSP, ISO 27001 LA, and many more.
Role Play
Hold real GRC conversations — audit walkthroughs, board briefings, vendor pushback — with an AI partner that stays in character.
Run a GRC programme end to end
The same registers, assessments, and reports you'd build in the real job — already wired together and ready to use.
GRC Dashboard
A unified workspace of integrated GRC tools with health metrics at a glance.
Risk Register
Capture, score, and track risks with linked controls and owners.
Compliance & controls
Run obligations, control assessments, and evidence reviews against the frameworks you care about.
Audits & gap analysis
Plan audits and run gap analyses against NIST CSF, ISO 27001, SOC 2, and more.
Incidents & threats
Triage incidents, maintain the threat register, and tie response actions back to controls.
Vendors & policies
Third-party vendor assurance, policy library, ROPA, business continuity plans, and board reports.
12 GRC mini-games for the in-between moments
Drills sharpen your recall and sims put you in the seat. Five minutes between meetings, a daily warm-up, or a streak you defend — the Arcade keeps GRC fresh without the long-form study load.
Quick-fire drills
Trivia, Flashcards, Speed Run, Acronym Rush, Regulation Roulette, and Control ID Memory — sharpen recall in five minutes.
Scenario-style sims
Risk Matrix Puzzle, Framework Match, Incident Simulator, Evidence Hunt, Threat Modeler, and Policy Builder.
By the numbers
Certification exams
Job paths & interview roles
GRC tools & registers
Play Arcade mini-games
How it works
Three steps from first login to finished path.
Pick a path
Choose a job path, domain, or skill you want to build.
Work through modules
Read the context, answer the questions, get instant feedback.
Earn your certificate
Finish a path, earn XP, and share your achievement.
Ready to start?
No prior experience required. Jump into your first module and see how it feels.