The correct answer is Perform a governance maturity assessment for the enterprise.

A governance maturity assessment for the enterprise establishes a clear baseline of current governance practices controls and compliance posture across departments. It identifies gaps and priorities so the organization can focus remediation where it reduces risk and meets regulatory requirements most effectively.

Starting with an assessment enables the GRC lead to define measurable objectives governance roles and a phased roadmap. It also provides evidence to secure budget and executive buy in before making major hires or implementing new tools and policies.

The option Hire additional governance and compliance personnel is incorrect because hiring before understanding current capability and gaps can lead to misaligned skills and wasted budget. Staffing decisions are best made after an assessment shows where capacity or expertise is actually needed.

The option Google Cloud Security Command Center is incorrect because that is a technical security tool and not a first step in enterprise governance design. It can help detect cloud security issues but it does not replace an enterprise level maturity assessment or the governance processes needed to manage risk and compliance across departments.

The option Immediately roll out new governance policies across departments is incorrect because deploying policies without a baseline and stakeholder alignment risks poor adoption conflicts and gaps. Policies should be based on assessment results and supported by training metrics and a staged implementation plan.

Full AWS Practitioner Certification Question