An Inside Look at GRC
CMS faces a myriad of challenges that require a delicate balance between innovation and risk mitigation. Enter the Governance, Risk, and Compliance (GRC) team – the unsung heroes working diligently behind the scenes to modernize CMS’s overall approach to information system security.
We recently had the privilege of sitting down with key members of the GRC team to demystify their crucial role and shed light on their day-to-day responsibilities. This insightful journey into the world of GRC unveils the intricate web of processes, strategies, and decision-making that form the backbone of organizational resilience.
This interview series aims to bridge the gap between the often enigmatic nature of GRC work and the curiosity of those seeking a deeper understanding. Get ready to delve into the world of governance, risk, and compliance, where foresight, strategy, and adaptability reign supreme.
Area of Work
The GRC Team is entrusted with the task of thoroughly investigating and examining the existing GRC landscape within CMS. Their overarching goal is to modernize GRC processes at CMS by meticulously identifying and effectively communicating challenges, generating relevant artifacts, and formulating potential solutions.
Team Composition and Collaboration
The GRC team believes in the strength of interdisciplinary collaboration, bringing together individuals with skills in compliance, IT security, process governance, and cybersecurity. Regular team meetings and open communication channels foster a collaborative environment, enabling the team to leverage the unique strengths of each person. Here’s a helpful list to reference if you are unfamiliar with who is on the GRC Team and their roles.
- Dr. Delminquoe Cunningham, User Experience (UX) Researcher
- Jeffrey Neimy, Cybersecurity
- Joel Rospert, Cybersecurity
- Juan Corral, Product Development Specialist, Govt Task Lead
- Lindsey Mitros, Cybersecurity
- Marc Masuno, Cybersecurity
- Mariela Morales, Project Manager (PM)
- Shawnte Singletary, Director of Security & Privacy Compliance
- Tim Tipton, Cybersecurity
- Trish Sierer, Technical Writer
- Vani Lozano Enriquez, UX Researcher
Collaboration Methods
The GRC Team operates under an agile methodology. This means the team takes an iterative approach to tasks, working in continuous cycles to develop, test, and refine products. The team collaborates constantly via their project Scrum Board, Daily Stand-Up, and Working Sessions.
Unique Aspect of Our Group
The GRC Team is working hard to drive and support several value streams. One initiative the team is currently working on is creating educational content that provides more context on the GRC program at CMS. Below are some resources available now and coming soon to CyberGeek and Confluence.
- Check out the GRC page on CyberGeek to enhance your understanding of GRC within the CMS context.
- A high-level diagram illustrating the GRC landscape at CMS. This model will show the continuous relationship between governance, risk, and compliance and how it pertains to the target lifecycle.
- A CyberGeek space where a comprehensive list of federal policies can be found. This resource is meant to be leveraged as the source of truth and to provide context on which policies drive how security and privacy are managed within CMS.
Paving the Path Forward
Looking ahead, the GRC Team is poised for a phase of strategic evolution. These forthcoming goals highlight their commitment to continuous enhancement, ensuring that they not only meet current challenges but also proactively prepare for the future. GRC’s goals include:
- Establish a GRC steering committee to enhance decision-making, transparency, and accountability.
- Increase cross-collaboration with other ISPG teams in order to implement GRC best practices and improve current processes.
- Improve GRC through the Federal Information Security Modernization Act (FISMA) maturity model to identify gaps and propose solutions.
The GRC Team stands as a beacon of adaptability and foresight. By embracing strategic goals, they not only enhance their own capabilities but contribute significantly to the overall resilience and integrity of CMS. As we anticipate these transformative changes, it's clear that the GRC Team is not just responding to challenges – they are actively shaping the future of governance in the organization.