['Direction and leadership', 'Compliance Management', 'Incident Response and Crisis Management', 'Manage GRC Program', 'GRC Program roadmap', 'Compliance and Regulatory Alignment', 'Team management', '3rd party Risk assessment reports', 'Training material', 'Vendor Management', 'Current Security Posture Evaluation', 'Risk assessment reports', 'Capacity Building and Training', 'Security Awareness Program Implementation', 'Testing strategy and evaluation criteria', 'Policy and Procedures Review & Development', 'Information Security Budgeting and Procurement Management', 'Strategy Development', '3rd party Risk Management', 'Define GRC Program']