This repository demonstrates an enterprise Governance, Risk, and Compliance (GRC) program for a fictional financial services company.
- NIST Cybersecurity Framework (CSF)
- ISO/IEC 27001
- Cloud-hosted enterprise systems
- Security governance and policy framework
- Enterprise risk assessment and risk register
- Control design and testing
- Third-party risk management
- Incident response and reporting
- Executive-level risk metrics
This lab was created to demonstrate practical, job-ready GRC capabilities for full-time cybersecurity GRC roles.