['Policy and Procedures Review & Development', 'Information Security Budgeting and Procurement Management', 'Team management', 'GRC Program roadmap', 'Strategy Development', '3rd party Risk assessment reports', 'Incident Response and Crisis Management', 'Training material', 'Recruitment', 'Vendor Management', 'Testing strategy and evaluation criteria', 'Direction and leadership', 'Current Security Posture Evaluation', 'Compliance Management', '3rd party Risk Management', 'Capacity Building and Training', 'Manage GRC Program', 'Risk assessment reports', 'Compliance and Regulatory Alignment', 'Define GRC Program', 'Security Awareness Program Implementation']