496 words, 1.8 minutes read. By Gerard Blokdyk

Governance, Risk and Compliance 1 big thing: Lead team in responding promptly to security incidents and provide thorough post event analysis.

The big picture: Make sure the value and high level design of complex security solutions are understood because you account for them in human and business relevant terms.

Why it matters: Be confident that your process assists with the development, administration, communication and reporting of your organizations diversity and inclusion program, business activities, policies and procedures.

What they’re saying: “Develop and execute on Customer Security Reviews helping (internal) customers monitor and understand the security posture and provide programmatic feedback to continuously improve the security posture., Cheryl G. – Risk and Compliance Manager

Under the hood: Make headway so that your workforce has program development involvement, including designing processes, policies, standards, governance structure, and risk assessment methods, supporting and facilitating risk management activities.


Top Governance, Risk and Compliance Must Haves


Governance, Risk and Compliance Executives tell us every quarter about their must haves.

Here are their most urgent ones:

Learn the Top Emerging Governance, Risk and Compliance Risks HERE: store.theartofservice.com/Governance,-Risk-and-Compliance-critical-capabilities/


Top thinkers are using The Art of Service Critical Capabilities Analysis, the guide that’s helping leaders stay ahead of what’s next.

This guide will help you plan your roadmap. The Critical Capabilities and Priorities Guide enables leaders to shortlist hundreds of appropriate results, already prioritized.


Get started: store.theartofservice.com/Governance,-Risk-and-Compliance-critical-capabilities/


State of play: Establish that your personnel stays connected to market influences and client situation issues to identify and proactively initiate broader concept and outcomes conversations affect current and potential future projects.

On the flip side: Facilitate the completion of the organizations Risk and Control Self Assessment (RCSA) program, working closely with management and control owners to complete their assessments, including communicating procedure requirements, assessing risks and controls, and reporting and tracking of issues identified out of the RCSA.

How it works: Verify that your personnel is involved in governance risk and compliance (GRC) tools in the area of third party risk management, requirements documentation etc.

Yes, but: Lead a team of Enterprise Risk experts to include divisional functions: Cyber Risk Management, Governance and Reporting, Cyber Program Management and Cyber Remediation.

What to watch: Implement the vision, roadmap, and program for the GRC platform including design, requirements, testing, reporting, issues management, change management, and ongoing release management.

Go deeper: Utilize irm/GRC tool as well as any other tools for automated and continuous monitoring of information security controls, assessments, testing and developing reporting metrics, dashboards, and evidence artifacts required for sustainable compliance.

The bottom line: Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board.

What’s next: Facilitate the review of third party SOC reports and partner with your technology teams to ensure relevant third party service providers are aligned with control requirements.

ICYMI: Make sure there is team leader who can independently manage an entire organizations risk management workload, adjust priorities, identify, and manage project, scheduling, and cost risks.



Get started: store.theartofservice.com/Governance,-Risk-and-Compliance-critical-capabilities/


Trusted by: Mitre Corporation, Facebook, TikTok, Accenture, J. J. Keller and Associates, Inc., RainFocus, McKinsey and Company, COMPQSOFT, Santander Bank, Bausch Health Companies, Morgan Stanley, Google, Deloitte, Endeavor, Citi, Grant Thornton, Fayetteville State University, CVS Health, Hallmark, FactSet Research Systems, Bank of America, Blue Cross and Blue Shield of Kansas City, Healthedge, Square, Nike, USAA, Charles Schwab, SUEZ, Ameriprise Financial, Raymond James Financial, Notarize, Oracle, Avanade, Dell Technologies, Liberty Mutual Insurance, BlackRock, Intellia Therapeutics, Visa, Fidelity Investments, Deutsche Bank, Metropolitan Transportation Authority, JPMorgan Chase Bank, N.A., Risk Management Solutions (RMS), EY Global Services Limited prod, Credit Suisse, LPL Financial, Northwestern University, TransUnion, US Senate, Blue Cross Blue Shield of Massachusetts, Domino and #x27;s, Cigna, GCM Grosvenor, Nomura Holdings, Inc., Harris Associates, Wyndham Capital Mortgage, UNITED PARCEL SERVICE, NATIONAL GRID CO USA (NE POWER), MathWorks, IBM, Goldman Sachs, TIAA, Amazon.com Services LLC, Abbvie, Dun and Bradstreet, BDO