Class Code:
AF40
General Nature of Work

Manages and coordinates professional work examining, evaluating, and/or monitoring conformity with laws, regulations, privacy or other business standards. Supervises others in licensure and permit compliance activities.

Guidelines for Class Use/Distinguishing Characteristics

This class is intended for advanced-level management of professional compliance activities in a state agency. May manage compliance activities in a unit or department. Manages compliance activities of considerable complexity in a larger state agency or directs compliance activities in a smaller state agency.

Examples of Work

Works with management to develop and implement a governance, risk, and compliance (GRC) strategy that aligns the business, information technology and governance domains. Plans, organizes and directs regulatory enforcement activities to ensure that all applicable statutes, rules and regulations are met. Provides mentorship, guidance and relevant technical training to information security staff and other departments. Assesses the maturity of existing discrete compliance and risk management programs to support scope definition of the GRC program. Assists in the vendor selection process and in the development of the agency’s GRC platform. Works with information security and other staff to establish processes, standards and baseline thresholds for the measurement, monitoring, reporting, mitigation and remediation of identified risks. Monitors the GRC program and suggests improvements to it. Understands the agency’s response plan for risks and threats, and supports the remediation and response process by reporting necessary information and materials to agency management. Collaborates across the agency to facilitate proactive alignment between internal and external security requirements and the processes and technology used to administer GRC. Researches GRC technology, process updates and best practices, and advises management on adoption to improve GRC capabilities. Develops reports and dashboards that present the level of controls compliance and the current IT risk posture.

Knowledge, Skills and Abilities

Knowledge of applicable internal and/or external regulatory policies, standards, procedures and controls. Knowledge of governance, risk and compliance (GRC) program management. Understanding of the risk assessment process, including monitoring and reporting.

Minimum Requirements

A bachelor’s degree and relevant experience

Fed Category:
E2
Band:
09
Salary:
Minimum:
$83,219.00
Midpoint:
$118,596.00
Maximum:
$153,973.00