An effective GRC program must be more than focused on security, it also needs to meet privacy, business, and IT requirements. GRC programs need to be designed to be usable, sustainable, and scalable. A successful GRC strategy needs to integrate across the business and align with corporate culture, goals, and processes. A cyber-resilient business that understands its assets and can quickly respond to threats, minimize the damage, and continue to operate under attack, is a business that can grow with confidence, protect its reputation, and strengthen its customer trust.
Source: https://www.helpnetsecurity.com/2021/08/11/building-grc-program/