Compliance, Policy, Risk, and Audit function

["Penn, Blake C" <blake.penn () SECURITY GATECH EDU>]

After having built up a somewhat robust SecOps/SecEng function within Cyber, we are now looking to build out a 
similarly robust function on the GRC side of things.  Can anyone share (either on or off-list) details related to this 
part of cyber within your respective institutions - staffing levels, org charts, PDs, etc., or know of any related 
resources?



Thanks in advance,



Blake Penn

Information Security Policy and Compliance Manager

Cyber Security

Georgia Institute of Technology

(404) 385-5480

blake.penn () security gatech edu