D1 · General

What is GRC (Governance, Risk, and Compliance)?

GRC integrates organizational governance (policies/procedures), risk management (identifying and managing risks), and compliance (meeting legal/regulatory requirements).
GRC programs align security with business objectives. Tools: Archer, ServiceNow GRC. Security governance = leadership direction. Risk management = systematic risk treatment. Compliance = meeting external requirements (GDPR, HIPAA, PCI DSS).