['Information Security Budgeting and Procurement Management', 'Team management', 'Security Awareness Program Implementation', 'Testing strategy and evaluation criteria', 'Direction and leadership', 'Capacity Building and Training', 'Define GRC Program', 'Incident Response and Crisis Management', 'Compliance and Regulatory Alignment', 'Policy and Procedures Review & Development', 'Strategy Development', 'Training material', 'GRC Program roadmap', 'Recruitment', '3rd party Risk Management', 'Compliance Management', '3rd party Risk assessment reports', 'Current Security Posture Evaluation', 'Risk assessment reports', 'Vendor Management', 'Manage GRC Program']