General - how big are GRC teams?

Does not really matter why, but i worked with a team that looked 400 organisations around the world (large, medium, all verticals, etc) and reviewed (using a power linkedin profile) for each one of them:

1/ how many employees they have
2/ how many have the “CISO” title
3/ how many have the “security” title

We looked at other things, but im only allowed to share this bit.

Average Sec. team: %0.5 of total workforce
Max Sec. Team: %8 of total workforce

So according to this numbers, for every 1000 employees 5 should have something to do with “Security”…

ps. none of the companies analysis is specialised in security.

with eramba i was lucky to meet many many people that run grc teams - my personal appreciation is that that %5 is (at least) twice of what i would normally see and of course verticals do play a role. finance and tech “unicorns” have larger teams in average.