05 Controls Management

Risk Cypher will support the development of an integrated Technology Controls Management program as needed and directed by the client.

Risk Cypher will maintain the availability of resources for the performance of the following activities:

● Design and implement an enterprise-wide IT Controls Management lifecycle program, including the process of creating, updating, reviewing, and approving controls
● Update existing controls listing to align with desired frameworks
● Identify control attributes and define which are required vs. optional
● Create a methodology for the identification of key controls and establish a key controls library


In support of the objectives described above, Risk Cypher will also have responsibility for the following deliverables:

● Performance of a gap analysis of existing risks and controls against relevant organizational and regulatory frameworks (NIST CSF / 500-83, GLBA, NIST RMF)
● Development and communication of a consolidated and consistent controls library
● Development of a Controls Library to be imported within a module of the target GRC platform
● Development of a control testing program (ToD, ToE) aligned with the ongoing IT RCSA program
● Development of a centralized control effectiveness reporting program (including procedure) aligned with the overall IT Risk & Security Reporting program