['Security Awareness Program Implementation', 'Define GRC Program', 'Incident Response and Crisis Management', 'Team management', 'Current Security Posture Evaluation', 'Policy and Procedures Review & Development', 'Compliance Management', 'Information Security Budgeting and Procurement Management', 'Manage GRC Program', 'Training material', 'Strategy Development', 'Capacity Building and Training', 'GRC Program roadmap', 'Testing strategy and evaluation criteria', 'Compliance and Regulatory Alignment', 'Vendor Management', 'Risk assessment reports', '3rd party Risk Management', 'Recruitment', '3rd party Risk assessment reports', 'Direction and leadership']