Plugin
cybersecurity-grc
Cybersecurity governance, risk & compliance (GRC) team — 3 agents (grc-architect, control-and-evidence-engineer, audit-and-third-party-risk-lead) for the security-compliance program layer: framework selection & scoping (SOC 2 TSC, ISO 27001 + Annex A, NIST CSF 2.0, NIST 800-53), the ISMS, control crosswalk across frameworks, the Statement of Applicability; control implementation & operating effectiveness, policy authoring, evidence collection & continuous control monitoring, Type I vs Type II readiness; audit readiness, gap assessments, and vendor/third-party risk (TPRM tiering, SIG/CAIQ, shared-responsibility, monitoring). Decision-tree bank (5 Mermaid trees), 12 best-practices, 3 skills, 3 commands, 2 templates, 1 hook, a grc_calc.py risk/coverage/readiness calculator, scenarios. Seams: AppSec -> security-engineering; financial-regulator -> regulatory-compliance; privacy mechanics -> data-governance-privacy; cloud config -> aws/azure/gcp-cloud. Requires ravenclaude-core@>=0.7.0.