By Gerard Blokdyk

Governance, Risk and Compliance 1 big thing: Understand and operationalize inventory of risk register tracking, scoring and associated risk statements.

The big picture: Oversee the entire Information Security program and plan, to establish strategies and processes that support your organization's ongoing security objectives and adhere to NIST/SANS guidance.

Why it matters: Be certain that your design function acts as an advisor to the business areas when planning vendor solutions for managing information security risk.

On the flip side: Ensure that your personnel implement a strong feedback loop between Training, Business Unit, and line-of-defense groups so that staff and management are aware of results and areas for improvement.

How it works: Identify and prioritize security areas of greatest potential impact to the business and collaborate with impacted business units to decide how to avoid, reduce, or transfer such risks.

Be smart: Act as a change agent: challenge as-is risk assessment processes by creating and implementing industry standards, best practices, and repeatable risk evaluation methodologies within a GRC framework.

Yes, but: Make sure your personnel provide the expertise and support needed to keep the company's risk programs in compliance with applicable regulations, including evolving data privacy regulations.

What they’re saying: “Collaborate in a matrix environment to develop and facilitate data gathering methodology for daily, weekly, monthly reporting metrics and dashboard(s) to assess IT security controls.” – Rebecca R., Associate, Operational Risk

State of play: Make sure your group identifies non-compliance issues in software engineering activities and inconsistencies in software work products, and monitors them through to resolution.

Under the hood: Develop and execute plans to improve the effectiveness of operational risk and compliance management structures, policies, procedures, systems and controls, and related governance and reporting frameworks, paying attention to best practices, trends and advances in operational risk management and compliance in the financial services industry.


Top Governance, Risk and Compliance Must Haves


Governance, Risk and Compliance Executives tell us every quarter about their must haves.

Here are their most urgent ones:

Learn the Top Emerging Governance, Risk and Compliance Risks HERE: store.theartofservice.com/Governance,-Risk-and-Compliance-critical-capabilities/


Top thinkers are using The Art of Service Critical Capabilities Analysis, the guide that’s helping leaders stay ahead of what’s next.

This guide will help you plan your roadmap. The Critical Capabilities and Priorities Guide enables leaders to shortlist hundreds of appropriate results, already prioritized.


Get started: store.theartofservice.com/Governance,-Risk-and-Compliance-critical-capabilities/


Between the lines: Drive continual improvement of the IT SOX governance program through the development of training, facilitation of SOX auditors and creation of support materials and processes for Control Owners.

The bottom line: Plan, scope, develop and invest in the coordination, execution, and communication of new and ongoing Information Security and Compliance initiatives relevant to the implementation of Information Security and Compliance efforts.

What’s next: Ensure technical and operational security controls are incorporated into new systems and applications through participation in planning, design and implementation reviews of all new systems and significant changes to existing systems.

ICYMI: Understand the security tooling, integration and automation needs of security governance, risk and compliance; security engineering and innovation; security operations and incident response; and cyber solutions, and implement solutions that promote business growth and differentiation through security tooling and automation.

Trusted by: Mitre Corporation, Facebook, TikTok, Accenture, J. J. Keller and Associates, Inc., RainFocus, McKinsey and Company, COMPQSOFT, Santander Bank, Bausch Health Companies, Morgan Stanley, Google, Deloitte, Endeavor, Citi, Grant Thornton, Fayetteville State University, CVS Health, Hallmark, FactSet Research Systems, Bank of America, Blue Cross and Blue Shield of Kansas City, Healthedge, Square, Nike, USAA, Charles Schwab, SUEZ, Ameriprise Financial, Raymond James Financial, Notarize, Oracle, Avanade, Dell Technologies, Liberty Mutual Insurance, BlackRock, Intellia Therapeutics, Visa, Fidelity Investments, Deutsche Bank, Metropolitan Transportation Authority, JPMorgan Chase Bank, N.A., Risk Management Solutions (RMS), EY Global Services Limited prod, Credit Suisse, LPL Financial, Northwestern University, TransUnion, US Senate, Blue Cross Blue Shield of Massachusetts, Domino's, Cigna, GCM Grosvenor, Nomura Holdings, Inc., Harris Associates, Wyndham Capital Mortgage, UNITED PARCEL SERVICE, NATIONAL GRID CO USA (NE POWER), MathWorks, IBM, Goldman Sachs, TIAA, Amazon.com Services LLC, Abbvie, Dun and Bradstreet, BDO