GRC Engineer

The podcast for practitioners applying systems thinking and engineering principles to GRC. We speak with GRC leaders, security engineers and practitioners transforming legacy GRC through automation, orchestration, and architectural thinking. Learn how to design scalable systems, build better workflows and solve coordination challenges. GRC Engineering works everywhere: from spreadsheets to enterprise platforms, AI startups to Fortune 500s. It also works for you! Hosted by Ayoub Fandi, founder of GRC Engineer, co-author of the GRC Engineering manifesto and leading GRC Engineering at GitLab.

Episodes

March 5, 2026 46 mins

Every compliance framework you know was built for deterministic systems. AI agents are not deterministic. That's why AIUC-1 was born. In this episode, I sit down with Danny from Schellman and Rajiv Dattani, co-founder of AIUC, to break down the first compliance framework purpose-built for AI agents. We cover the six pillars (data & privacy, security, safety, reliability, accountability, societal risks), how the technical tes...


Paramify is making FedRAMP (Rev 5 or 20x), GovRAMP & CMMC fun. Get your $750 Gap Assessment at paramify.com/grc


---


What happens when you have to merge three operating systems, satisfy FedRAMP requirements, and keep engineers happy whilst building enterprise security at scale?


In this episode, Kane Narraway, previously leading enterprise security at Atlassian, building Zero Trust at Shopify, and now running enterprise ...


Paramify is making FedRAMP (Rev 5 or 20x), GovRAMP & CMMC fun. Get your $750 Gap Assessment at paramify.com/grc

---

Troy Fine has conducted hundreds of SOC 2 audits over 15 years. In this conversation, he reveals uncomfortable truths about the audit market that most practitioners won't discuss openly.

His most explosive admission: "Nobody can measure audit quality." Not TPRM teams. Not buyers. Not even auditors thems...


Paramify is making FedRAMP (Rev 5 or 20x), GovRAMP & CMMC fun.

Get your $750 Gap Assessment at paramify.com/grc.

To get access to the deep-dive transcript, subscribe to the GRC Engineer newsletter: grcengineer.com/subscribe

Wrong ink colours. $300,000 authorizations. Congressional investigations within the first month. How do you fix federal compliance from the inside?

In this episode, Pete Waterman, Director of FedRAMP, shares ho...


To get access to the deep-dive transcript, subscribe to the GRC Engineer newsletter: grcengineer.com/subscribe

How do you build a modern GRC programme when you inherit processes designed for a team three times your size, in an organisation where "compliance frameworks were owning us instead of us owning them"?

In this episode, Emre Ugurlu and Chad Fryer from Docker share their journey transforming compliance, risk, and cust...


Check out grcengineer.com to learn more!

Summary

In this engaging conversation, Ayoub Fandi and Varun Gurnaney explore the evolving landscape of Governance, Risk, and Compliance (GRC) engineering. Varun shares his unique journey from cybersecurity to GRC, emphasizing the importance of automation and collaboration between engineering and compliance teams. They discuss the challenges faced in GRC, the philosophical aspects of risk mana...


To learn more, check out grcengineer.com


Summary


In this episode, Dr. Ibrahim Waziri Jr. shares his extensive experience in GRC engineering and cybersecurity, discussing the evolution of compliance from static documentation to dynamic, automated processes. He emphasizes the importance of GRC engineering in bridging different governance models and enhancing operational efficiency. The conversation also explores the challenges of burea...


To learn more, go to grcengineer.com

Summary

In this episode of the GRC Engineer podcast, host Ayoub interviews Tony Martin-Vegue, a seasoned expert in risk quantification and GRC engineering.

They discuss Tony's career journey from IT to risk management, the importance of cyber risk quantification, and the interplay between governance, risk, and compliance. Tony shares insights on the benefits of risk assessments for various sta...


Want more? Subscribe to the GRC Engineer newsletter for exclusive content including a detailed transcript of this episode in next week's edition: https://grcengineer.com/subscribe

In this insightful episode of the GRC Engineering Podcast, host Ayoub Fandi sits down with Ange Ferrari, SVP & CISO at Metro Group, for a deep dive into how GRC has evolved over two decades and what it takes to scale security programs globally.

Our ...


Want more? Subscribe to the GRC Engineer newsletter for exclusive content including a detailed transcript of this episode in next week's edition: https://grcengineer.com/subscribe

In this premiere episode of the GRC Engineering Podcast Experts Panel, host Ayoub Fandi brings together three seasoned Third-Party Risk Management (TPRM) practitioners to discuss the real-world challenges and innovations in vendor security assessment. O...


In this groundbreaking episode of the GRC Engineering Podcast, we bring together executives from the 7 leading GRC automation platforms for an unprecedented discussion on the future of compliance automation. For the first time ever, leaders from Vanta, Drata, Anecdotes, Secureframe, Sprinto, Scrut Automation, and Thoropass share the same virtual stage to debate critical industry topics, challenge common assumptions, and share their...


If you enjoy the podcast, feel free to subscribe to the GRC Engineer newsletter: grcengineer.com/subscribe

In this episode of The GRC Engineering Podcast, host Ayoub Fandi speaks with Akhila Chitiprolu, head of GRC at Sierra and former GRC leader at Stripe, Expedia, and T-Mobile.

Akhila shares her journey from engineering to GRC leadership and offers deep insights on transforming traditional compliance into engineering-driven program...


To view the notes from the podcast and much more, check out the episode summary on the GRC Engineer.


Join us for the first episode of Season 2 of the GRC Engineering Podcast, featuring Justin Pagano, Director of Security Risk, and Trust at Klaviyo.


Justin shares his journey through GRC, from his early days as a software engineer to being a catalyst of the GRC Engineering initiative.


He discusses the limitations of traditional documentation-heavy approaches and advocates for more engineering-driven practices in governance, risk...


Learn more about the why behind the podcast, some info about the background of the host as well as the main objectives of the GRC Engineering podcast.


Join Akshay Finney, a GRC Engineering team lead at Zoom, as he dives into the dynamic realm of security engineering and GRC integration. Uncover the importance of translating security requirements into engineering language, the evolving role of GRC engineering, the importance of taking an engineering approach to security programs and the importance of collaboration with product teams to advance the GRC objectives.


Explore the evolution of compliance engineering with Vic Bhatia, CEO of Compliance Foundry, as he shares insights from his journey, including experiences at Meta. Discover the challenges and solutions in aligning compliance with engineering incentives and the future of automated compliance solutions in the cloud.


With Chris and Lloyd from Aquia, you'll learn more about why we need GRC Engineering, what skills you need to work on and the impact of innovations (such as AI) on how we should view our field.


Episode Summary

In this episode, I welcome Simon Goldsmith, the Head of Information Security at OVO and a seasoned security leader with over 20 years of experience across industries like defence, financial services, and retail.

Simon shares his journey from working on helicopter survivability for the Ministry of Defence to leading security efforts at OVO, focusing on systems thinking and the evolving role of GRC in fast-paced envi...


Charles will give us an overview of how GRC can benefit from an engineering mindset and DevOps practices. We cover a lot of ground and also discuss future developments that could propel the industry further towards continuous assurance.
