Governance Risk and Compliance (GRC)

From With Healthy Families First


Governance, Risk, and Compliance (GRC)

Dr. Rachel Levitch

Overview

Governance, Risk, and Compliance (GRC) integrates organizational strategy with regulatory adherence, risk management, and ethical standards to ensure sustainable and accountable business operations. This discipline bridges business and finance objectives with cybersecurity and operational controls to minimize risk, support compliance, and drive organizational resilience.

---

Core Synergies Between Business, Finance & GRC

These areas bridge organizational strategy, financial oversight, and regulatory responsibility:

  • Risk Quantification & Reporting — measuring potential financial exposure and aligning risk assessments with business outcomes
  • Strategic Planning & Gap Analysis — evaluating current policies and internal controls to close compliance gaps
  • Policy Development & Governance — designing governance frameworks supporting ethical, financial, and operational accountability
  • Financial Controls & Compliance Monitoring — ensuring financial processes meet standards like SOX, ISO, and industry-specific regulations
  • Data Analytics & Performance Measurement — leveraging metrics and dashboards to track compliance KPIs, fraud risk, and audit readiness

---

Professional Experience

Founder / Privacy Engineer, Mangosteen Consulting (2019 - Present)

  • Proactively identify information security deficiencies and opportunities for improvement, facilitating pragmatic solutions
  • Develop PHI and PII UML design and visualization, emphasizing relevant laws and policies for data protection
  • Establish organizational responsibilities for safeguarding PII and PHI and communicate penalties for non-compliance
  • Build and maintain comprehensive US privacy programs aligned with HIPAA and cross-jurisdictional privacy requirements
  • Collaborate with ITS Security to ensure alignment between privacy and cybersecurity compliance programs
  • Lead complaint investigations concerning breaches in privacy policies and present updates to senior leadership
  • Customize ISO 22301 Business Continuity Management Systems (BCMS) policies to enhance disaster recovery capabilities
  • Guide clients in achieving ISO 27001 compliance through systems and policy alignment

Chief Information Security Officer, Charles Edda & Charles Bouley, INC. (2015 – 2019)

  • Identified and addressed information security vulnerabilities, facilitating the development of practical solutions
  • Provided escalation and coordination for security incidents and inquiries, supporting cyber risk assessments
  • Led security strategy prioritizing user data and product security, aligning with organizational risk appetite
  • Supported third-party risk management and compliance initiatives, ensuring regulatory adherence

---

Certifications and Licenses

  • Cybersecurity | National Emergency Response & Recovery Training Center (NERRTC) / Texas A&M Engineering (TEEX)
  • Six Sigma Project Management and Continuous Improvement | The Quality Group
  • Certified Management and Quality / Engineer of Quality | American Society for Quality
  • UMI Visualization and Presentation
  • PKI Overview and Encryption | Defense Information Systems Agency (DISA - IASE)
  • Personal Identifiable Information | Defense Information Systems Agency (DISA – IASE)

---

Education

  • Ph.D. in Learning/Information Technology and Performance Improvement, University of North Texas, College of Information, August 2013
  • M.S. in Communication Studies, Texas Christian University, Bob Schieffer College of Communication, June 2003

---

Further Reading & Professional Resources

Books by Dr. Rachel Levitch:

  • WHFF.TV Presents Parenting and Technology: Social Media, Negative Content Creation and Desensitization (Kindle Edition)
  • WHFF.TV Presents Deepfake Pornography: A Historical Lesson For Parents (Kindle Edition)

Professional Conferences & Workshops:

  • Dallas Cyber Security Summit (Annual) – Networking and insights on protecting critical infrastructures.
  • 2018 Women’s Luncheon – Advocating for women’s advancement in education and career.
  • Fort Worth Vendor Symposium – Community intelligence and investigation presentations.

---

Published Book

WHFF.TV Presents Parenting and Technology

WHFF.TV Presents Parenting and Technology: Social Media, Negative Content Creation and Desensitization (Episode Book 1), Kindle Edition, by Dr. Rachel Levitch

"You want children to learn how to defend themselves against bullying? Teach them how to box. You want your kids to understand the nuance, discipline, and self-control? Teach them how to clean the home, mow the grass, and build an outdoor fireplace. And if you want your children to be protected online — then teach them to code. Help them with bridges, onions, and proxies: place trackers in their pictures and how to scrub their information from the web."

Free parenting and technology episodes available at WHFF.TV Parenting and Technology Series.

Streaming now: WHFF.TV Presents Deepfake Pornography.

Published Book

WHFF.TV Presents Deepfake Pornography
  • WHFF.TV Presents Deepfake Pornography: A Historical Lesson For Parents (WHFF.TV Presents Deepfake Pornography Technology), Kindle Edition. Get it now on Amazon.

Dr. Levitch supports security teams in monitoring and protecting the organization's security posture now and into the future. Companies are improving their privacy standards with the help of their employees to comply with government laws and retain their customer base. With the new wave of artificial intelligence, parents need a comprehensive approach to security to protect what matters most to them. Visit the Shape Your Own Future firm.

Summary

Governance, Risk, and Compliance frameworks integrate financial risk management, incident response, and SIEM for organizational security and compliance.
