Monitor internal and external policy compliance

Cyber risk management professionals must ensure that both the vendors and employees are working within the framework of a policy that’ve laid out and that the policy is clearly laid out for them. The security manager is the living embodiment of policy—and while they aren’t always in charge of enforcement, they do often try to make sure things are in line internally.
Source :