GRC Implementation:

Facilitate integrations for automated evidence collection, ensure accurate mapping for all controls and evidence, resolve errors and failed tests, designate ownership, and oversee platform management for effective implementation.

• Compliance Readiness: Assess compliance objectives, conduct a high-level review of the current posture, prioritise critical gaps, and establish achievable timelines for all work streams related to the specified compliance goals.

• Custom Policy & Procedure Creation: Customize policies and procedures to align with the business context, operating environment, risk tolerance, ownership structure, and recommended best practices.

• Evaluate and Develop effective Controls: Develop, tailor, implement, and evaluate Controls within the organisational context and operating framework; ensure alignment with risk tolerance, accountability, and recommended best practices.

• External Audit Management: Act as the point of contact with auditors (if required), represent the security and compliance program to all external parties, oversee discussions and redirect them to client teams when necessary, and provide client coaching on managing the audit process effectively.

• Penetration Test Support: Define the scope and appropriate levels of penetration testing, identify key differences, recommend suitable vendors, and evaluate options to ensure the efficient utilisation of available limited resources.

• Initial Risk Assessment: Conduct a fundamental, compliance-ready risk assessment to create a foundational risk register, designate risk owners, develop action plans, and set.

• Tabletop Exercises: Develop and record two tabletop exercises: one focused on Incident Response and another on Disaster Recovery.

• Vendor Risk Management: Grow and formalize a Standard Operating procedures (SOP) for Vendor Risk Management, with a focus on procurement and evaluations, and implement centralized management for vendor assessments.

• Vulnerability Management: Develop policies and corresponding standard operating procedures (SOPs) for patch and vulnerability management, incorporating CI/CD processes, to address infrastructure, code, applications, and workstations

• Incident Management development: Develop policies and accompanying standard operating procedures (SOPs) for Incident Management, incorporating a tabletop test and a lesson learned feedback exercise.

• Foundational Business Continuity & Disaster Recovery Development (BC/DR): Develop policies and corresponding standard operating procedures (SOP) for Business Continuity and Disaster Recovery (BC/DR), incorporating a tabletop and a lesson learned feedback exercise.

• Foundational Threat Management development: Develop policies, supporting standard operating procedures (SOPs), and a technical stack to establish robust foundational elements for threat visibility, reliable forensic trails, and thorough investigations, including 24/7 SIEM monitoring.