Security & GRC Decoded

Raj Krishnamurthy
  • 5.0(1개의 평가)
  • 과학 기술
  • 격주 업데이트

How today’s top organizations navigate the complex world of governance, risk, and compliance (GRC). Security & GRC Decoded brings you actionable strategies, expert insights, and real-world stories that help professionals elevate their security and compliance programs. Hosted by Raj Krishnamurthy. It’s for security professionals, compliance teams, and business leaders responsible security GRC and ensuring their organizations’ are safe, secure and adhere to regulatory mandates. Security & GRC Decoded brings you: Actionable strategies, expert insights, and real-world stories to elevate your Security GRC programs. Each episode explores frameworks, risk management strategies, and innovations shaping the future of GRC – from practitioners in the trenches. Subscribe now to unlock the tools and knowledge you need to succeed!

  1. 1일 전

    Does GRC Belongs Outside Security? The Case for an Independent Second Line ft Charles Nwatu - GRC Engineering Leader

    What if GRC shouldn’t sit inside Security at all—and what if the bigger problem isn’t automation, but what you do after you automate? In this episode, Raj Krishnamurthy sits down with Charles Nwatu (former Security GRC Engineering & Assurance leader at Netflix) for a candid, systems-level conversation about why “annual audit rituals” fail modern engineering, how GRC can produce high-fidelity signals that strengthen security decision-making, and why the next wave of GRC engineering is about analytics, specifications, and business impact—not just speeding up evidence collection. Key Takeaways: GRC is a continuous discipline—point-in-time compliance can help, but it can’t be the end state.Automation is necessary but not sufficient: the real value is in turning collected evidence into actionable insights.Specifications enable measurement—without clear expected behaviors, security metrics become inconsistent and hard to compare.GRC can feed security with high-fidelity signals (like identity/access review metadata) that improve posture beyond audit readiness.Third-party risk doesn’t “finish”—the goal is visibility, data lineage awareness, and making the mess less messy.  What You’ll Learn: Where Charles believes GRC should sit org-wise—and why Security should be a “customer” of GRCWhat “shift-left GRC” looks like in practice (beyond annual audits)Why “efficiency savings” don’t automatically equal “security value”How to think about metrics, specifications, and risk in a shared languageWhy third-party risk management is “unsolvable,” and how to build guardrails anyway This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com Watch more episodes: https://www.compliancecow.com/podcast Connect With Our Guest: Charles Nwatu | GRC Engineering Leader Connect on LinkedIn: https://www.linkedin.com/in/cnwatu/ Rate, review, and share if you enjoyed the show! Subscribe to Security & GRC Decoded wherever you get your podcasts: Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683 Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450

    1시간 1분

  2. 1월 27일

    GRC Is an Engineering Discipline. Not a Checklist. ft Akhila Chitiprolu, Head of Security & GRC @ Sierra

    GRC has long been seen as abstract, manual, and disconnected from how modern engineering teams actually work, but that narrative is breaking down. In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Akhila Chitiprolu, Head of Security & GRC at Sierra, to explore why GRC must be treated as an engineering discipline, not a compliance afterthought. Drawing from her experience across T-Mobile, Expedia, Stripe, and AI-native companies, Akhila explains how systems thinking, automation, and shared ownership can radically reduce compliance toil while increasing trust. This conversation goes deep into GRC engineering, audit realities, automation tradeoffs, and what the future of compliance looks like in an AI-driven world. Key Takeaways: GRC works best when treated as a system with inputs, processes, outputs, and feedback loops Automation should focus on intent and outcomes, not blindly speeding up broken manual processesGRC professionals act as a middleware layer between engineers, auditors, and customersNot all controls should be automated — but 70% can be, with humans in the loop where it mattersThe future of GRC depends on engineering mindset, context, and trust, not checklists What You’ll Learn: Why GRC is fundamentally a systems engineering problemHow to reduce engineering toil without weakening audit postureWhen automation helps — and when it creates false efficiencyHow GRC teams should approach AI, agents, and non-deterministic systemsPractical ways to build a GRC engineering function over timeThis podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com Watch more episodes: https://www.compliancecow.com/podcast Connect With Our Guest: Akhila Chitiprolu | Head of Security & GRC | Sierra Connect on LinkedIn: https://www.linkedin.com/in/akhilachitiprolu/ Rate, review, and share if you enjoyed the show! Subscribe to Security & GRC Decoded wherever you get your podcasts: Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683 Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450

    55분

  3. 1월 13일

    GRC as a Growth Engine: From Checklists to Continuous Assurance ft Vivek Madan - Director of Security, Risk, and Compliance @ Fortinet

    In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Vivek Madan to unpack what it really means to run a modern GRC program inside a global cybersecurity company. Drawing from his journey across networking, security engineering, risk, and compliance, Vivek shares how GRC can function as a true business enabler—opening markets, accelerating revenue, and strengthening trust. This conversation stands out for its practical frameworks, real-world stories, and honest discussion about friction between engineering, security, auditors, and compliance teams, giving listeners a grounded view of how GRC works when it’s done right. Key Takeaways: GRC works best when it is positioned as a growth enabler that unlocks new markets, not just a compliance checkbox.Strong governance establishes foundational rules that allow security and risk decisions to scale consistently across the business.Storytelling is a critical GRC skill—people align with compliance when they understand the “why,” not just the requirement.Common controls frameworks reduce complexity when designed intentionally across global, application-specific, and product-specific needs.Automation matters, but process automation is just as important as technical automation to reduce compliance friction.What You’ll Learn: How GRC enables business expansion into regulated and global marketsWhy compliance resistance exists—and how to overcome itA practical 50–35–15 model for common controls frameworksHow to balance continuous assurance with annual auditsWhat modern GRC leaders look for when hiring talentThis podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com Watch more episodes: https://www.compliancecow.com/podcast Connect With Our Guest: Vivek Madan | Director of Security, Risk, and Compliance | Fortinet Connect on LinkedIn: https://www.linkedin.com/in/vivek-madan-cissp-ccsp/ Rate, review, and share if you enjoyed the show! Subscribe to Security & GRC Decoded wherever you get your podcasts: Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683 Apple Podcasts:https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450

    55분

  4. 2025. 12. 30.

    Audit ≠ Security: Building Auditable Controls in a High-Velocity World ft Varun Prasad, Cloud Security & Privacy Assurance @ BDO

    Audits are often misunderstood, frequently disliked, and almost always viewed as a necessary evil — but what if that mindset is holding security teams back? In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Varun Prasad to unpack what audits are actually designed to do: provide reasonable assurance, not absolute security. Drawing on more than two decades of experience across internal and external audits, Varun explains why “auditable controls” are the missing link between fast-moving engineering teams and slow, annual audit cycles — and how organizations can stop treating audits as an afterthought and start using them as a trust-building mechanism. Key Takeaways: Audits are designed to provide reasonable assurance, not eliminate all risk The biggest failure in modern GRC is building controls that are automated but not auditableContinuous controls monitoring only works if auditors can validate completeness and accuracyScreenshots persist because they remain the clearest way to demonstrate system state over timeSecurity controls should be built to improve posture first — and explained clearly second What You’ll Learn: Why audit skepticism is a feature, not a flawHow internal and external audits serve fundamentally different purposesWhere continuous monitoring breaks down from an auditor’s perspectiveWhat “auditable controls” actually mean in CI/CD environmentsHow AI can assist auditors without replacing human judgmentThis podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com Watch more episodes: https://www.compliancecow.com/podcast Connect With Our Guest: Varun Prasad | Cloud Security & Privacy Assurance | BDO Connect on LinkedIn: https://www.linkedin.com/in/varunprasad/ Rate, review, and share if you enjoyed the show! Subscribe to Security & GRC Decoded wherever you get your podcasts: Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683 Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450

    59분

  5. 2025. 12. 16.

    Scaling GRC Without the Chaos: How to Build Programs That Don’t Break ft Tom Scuderi, Senior Manager of Security & GRC @ LTK

    In this episode of Security & GRC Decoded, host Raj Krishnamurthy sits down with Tom Scuderi, Senior Manager of Security & GRC at LTK and a veteran practitioner who has spent his career building governance functions at QTS, Tableau, Salesforce, and LTK. Tom shares how to scale GRC in high-growth environments by designing processes that resemble engineering workflows, reducing friction with stakeholders, and shifting from reactive audits to continuous visibility. He breaks down why curated visibility beats blanket access, why SOC 2 should sharpen—not dilute—your security program, and how to anchor leadership decisions with meaningful risk data. Key Takeaways GRC only scales when its processes mirror how engineering teams already work.SOC 2 should enhance your security program rather than becoming a superficial checkbox exercise.Curated visibility reduces friction and improves cross-functional trust.Clarity in ownership is the backbone of a scalable GRC function.Continuous, context-driven evidence cuts audit fatigue and sharpens the entire program.What You’ll Learn How Tom built and matured GRC programs across four different companies.Why engineering alignment is essential for sustainable compliance.How curated visibility replaces access sprawl and accelerates audits.The difference between risk-driven and compliance-driven GRC.Why automation only works when underlying processes are mature.How to structure ownership to reduce bottlenecks during SOC 2 and similar frameworks.This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com Watch more episodes: https://www.compliancecow.com/podcast Connect With Our Guest: Tom Scuderi | Senior Manager of Security & GRC | LTK Connect on LinkedIn: https://www.linkedin.com/in/tom-scuderi/ Rate, review, and share if you enjoyed the show! Subscribe to Security & GRC Decoded wherever you get your podcasts: Spotify:  https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683 Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450 #SecurityAndGRCDecoded #RajKrishnamurthy #TomScuderi #LTK #GRC #ScalingGRC #SOC2 #EngineeringAlignment #RiskManagement #SecurityLeadership #Compliance #GovernanceRiskCompliance #SecurityGRCPodcast #ComplianceCow

    56분

  6. 2025. 12. 02.

    Controls Are Promises: Rethinking GRC for Modern Security ft Sergio Alonso @ Rapid7

    In this episode of Security & GRC Decoded, host Raj Krishnamurthy sits down with Sergio Alonso, a seasoned GRC and information security leader at Rapid7, whose 17–year career spans auditing, high-regulation banking, blockchain innovation at Akamai, privacy GRC at Twitter, and now trust and governance in cybersecurity. Sergio breaks down how to translate legacy compliance thinking into modern engineering-aligned practices, why automation is the only scalable path forward, and how controls should be treated as “promises” that teams must honor every day. This conversation explores scaling GRC in high-velocity environments, reducing compliance fatigue, applying zero-knowledge principles to trust, and building the next generation of context-driven risk programs. Key Takeaways Automation is the only sustainable path to scaling GRC without increasing friction.Controls should be viewed as “promises,” and audits as the consequence of keeping or breaking them.Context — technical, business, and risk — is the primary driver of effective triage and prioritization.GRC must evolve from a legacy function into a trust-driven, engineering-aligned discipline.Zero-knowledge-style thinking may define the future of transparency and customer trust.What You’ll Learn How to adapt legacy compliance experience for cloud, SaaS, and fast-moving tech companies.Why automation, evidence APIs, and GRC engineering are becoming non-negotiable.How to reduce compliance fatigue using “meet once, meet many” principles.Why context is the key to reducing noise from security tools.How to partner with engineers using empathy, clarity, and strong framing.Why trust and transparency are reshaping GRC inside cybersecurity companies.This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com Watch more episodes: https://www.compliancecow.com/podcast Connect With Our Guest: Sergio Alonso | GRC & Information Security Leader | Rapid7 Connect on LinkedIn: https://www.linkedin.com/in/salonsor/ Rate, review, and share if you enjoyed the show! Subscribe to Security & GRC Decoded wherever you get your podcasts: Spotify: https://open.spotify.com/show/5xuvsT8HdJsa2sbhAFZQhL Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450

    56분

  7. 2025. 11. 13.

    How Pragmatic Controls Build Trust Between GRC, Security, and Engineering ft Mukund Sarma, Deputy CISO @ Chime

    In this episode of Security & GRC Decoded, host Raj Krishnamurthy sits down with Mukund Sarma, Deputy CISO and Head of Product Security at Chime, to explore what happens when governance, risk, and compliance teams work with engineering instead of against it. Mukund shares real-world lessons from a decade in security, explaining how to balance shift-left initiatives, build paved paths that reduce friction, and make compliance a natural byproduct of great engineering. This is a masterclass in aligning security, GRC, and DevOps for scale and sanity. 5 Key Takeaways GRC isn’t a blocker—it’s a mirror that keeps security honest and accountable.Strong security engineering automatically strengthens compliance outcomes.Friction between security and engineering fades when empathy drives collaboration.“Shift left” works best when paved paths and automation support developers.Practical controls and continuous validation create sustainable, scalable governance.What You’ll Learn How to bridge silos between security, GRC, and engineering teams.Why automation and continuous control monitoring are the future of compliance.What “practical controls” really mean in modern DevSecOps environments.How empathy and communication transform security culture.Why compliance should follow great security engineering, not lead it.Real-world examples from Chime’s approach to product security.This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com Watch more episodes: https://www.compliancecow.com/podcast Connect With Our Guest: Mukund Sarma | Deputy CISO and Head of Product Security | Chime Connect on LinkedIn: https://www.linkedin.com/in/sarmamukund/ Rate, review, and share if you enjoyed the show! Subscribe to Security & GRC Decoded wherever you get your podcasts: Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450?i=1000736617569

    57분

  8. 2025. 10. 30.

    How to Build Trust Between GRC and Engineering ft Tristan Ingold, Security GRC Program Manager at Meta

    How do you build real trust between GRC and engineering? In this episode of Security & GRC Decoded, host Raj Krishnamurthy welcomes Tristan Ingold, Security GRC Program Manager at Meta. Tristan shares how consulting shaped his approach, why “policing” doesn’t work, and how GRC earns influence by acting as a partner to engineering -- not a blocker. He discusses the cultural friction between audit, security, and product teams, how to communicate in the language of engineering, and why the right role for GRC is a “sparring partner” that helps teams ship safer, faster. From reframing control objectives to focusing on evidence the business already produces, this conversation is a practical playbook for building credibility and velocity at the same time. 5 Key Takeaways Partnership Over Policing: GRC earns influence by modeling partnership behaviors and meeting teams where they are.Translate Controls to Engineering: Use product language and existing telemetry; design evidence around the way the system actually works.Make It Observable: Treat GRC like an observability layer -- surface risk signals the business already emits.Tell the Story, Not the Score: Dashboards support the narrative; they aren’t the narrative. Lead with context and trade-offs.Define the Right Role: The best GRC teams act as a sparring partner --challenging, supportive, and focused on outcomes.What You’ll Learn How to rebuild trust with engineering after “audit fatigue”Practical ways to convert control requirements into product languageHow to design evidence from logs, pipelines, and tickets you already haveWhen to push, when to partner, and how to escalate with credibilityCommunicating risk trade-offs without killing roadmap velocityConnect With Our Guest: Tristan Ingold | Security GRC Program Manager | Meta This podcast is brought to you by ComplianceCow - the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Watch more episodes Rate, review, and share if you enjoyed the show!  Subscribe to Security & GRC Decoded wherever you get your podcasts: SpotifyApple Podcasts

    57분
모두 보기(29개)

평가 및 리뷰

소개

How today’s top organizations navigate the complex world of governance, risk, and compliance (GRC). Security & GRC Decoded brings you actionable strategies, expert insights, and real-world stories that help professionals elevate their security and compliance programs. Hosted by Raj Krishnamurthy. It’s for security professionals, compliance teams, and business leaders responsible security GRC and ensuring their organizations’ are safe, secure and adhere to regulatory mandates. Security & GRC Decoded brings you: Actionable strategies, expert insights, and real-world stories to elevate your Security GRC programs. Each episode explores frameworks, risk management strategies, and innovations shaping the future of GRC – from practitioners in the trenches. Subscribe now to unlock the tools and knowledge you need to succeed!

정보

  • 제작진
    Raj Krishnamurthy
  • 방송 연도
    2025년 - 2026년
  • 에피소드
    29
  • 등급
    전체 연령 사용가
  • 저작권
    © 2026 Security & GRC Decoded
  • 웹사이트 보기
    Security & GRC Decoded