Career Pivot into Cybersecurity/GRC from QA Testing Background

A mid-40s professional with over seven years of experience as a manual software QA tester, laid off in June 2025, is seeking career advice after struggling to find another QA role due to declining job openings in the field. The individual holds an active CEH (Certified Ethical Hacker) certification but has limited recent experience applying it practically. They are now considering a career pivot into GRC (Governance, Risk, and Compliance) and have outlined four potential transition paths: moving through IT support roles, taking specialized GRC courses, earning an ISO 27001 Lead Auditor certification, or pursuing CISA Associate status. The poster currently maintains active subscriptions to LinkedIn Learning and TryHackMe for skill development and is inquiring about the potential value of adding Coursera to their learning resources. They are seeking guidance on which path would be most effective for successfully transitioning into the cybersecurity and GRC field given their background and current certifications.