The Unfiltered GRC Automation Roundtable: 7 Platform Executives on Enterprise GRC & Commoditisation
In this groundbreaking episode of the GRC Engineering Podcast, we bring together executives from the 7 leading GRC automation platforms for an unprecedented discussion on the future of compliance automation. For the first time ever, leaders from Vanta, Drata, Anecdotes, Secureframe, Sprinto, Scrut Automation, and Thoropass share the same virtual stage to debate critical industry topics, challenge common assumptions, and share their visions for the future of GRC.Featured Guests:Jake Bernardes - CISO, AnecdotesMatt Hillary - CISO, DrataJeremy Epling - Chief Product Officer, VantaShrav Mehta - Founder & CEO, SecureframeGirish Redekar - Co-founder & CEO, SprintoNicholas Muy - CISO, Scrut AutomationAndrew Persons - VP of Product, ThoropassFrom the commoditisation debate to enterprise adoption challenges, get unique insights into how these platforms are shaping the future of GRC.Key Timestamps:00:00 Introduction and guest introductions09:00 Is compliance being commoditised? The vendor perspective32:30 Is Assurance impacted from selling compliance to non-GRC stakeholders49:30 If quality was very low, most GRC automation firms would be out of business54:30 Selling GRC automation to enterprise customers01:19:00 Working around existing legacy GRC platforms01:34:30 Risk of being replaceable as being embedded at the data layer01:38:40 Working with product feedback from non-customers01:46:45 GRC Engineering discussion01:50:00 Conclusion and key takeawaysSpecial thanks to our guests for making this historic conversation possible.This discussion represents a turning point in how we think about GRC automation and its role in modern organisations.#GRCEngineering
--------
1:52:35
Scaling GRC Engineering: The Definitive Guide w/ Akhila Chitiprolu from Sierra | S2E3
If you enjoy the podcast, feel free to subscribe to the GRC Engineer newsletter: grcengineer.com/subscribeIn this episode of The GRC Engineering Podcast, host Ayoub Fandi speaks with Akhila Chitiprolu, head of GRC at Sierra and former GRC leader at Stripe, Expedia, and T-Mobile.Akhila shares her journey from engineering to GRC leadership and offers deep insights on transforming traditional compliance into engineering-driven programs that scale with modern technology companies. Drawing from over a decade of experience across tech, fintech, telecom, and AI, she provides practical strategies for building GRC Engineering capabilities from the ground up.Whether you're just starting your GRC Engineering journey or looking to scale existing efforts, this episode provides tactical advice on:- Transforming control design for automation and scalability- Convincing traditional auditors to accept API-driven evidence- Building the business case for GRC Engineering investments- Developing effective collaborations between technical and non-technical GRC staff- Measuring and demonstrating the value of engineering-driven compliance- Creating a roadmap for continuous control monitoringKey topics covered:00:00 Introduction and guest background02:58 Evolution of GRC: From spreadsheets to engineering-driven approaches04:05 The biggest pain point: Evidence collection at scale across multiple frameworks05:38 Why control design matters more than evidence automation alone11:20 The tipping point for GRC Engineering adoption in organizations13:30 Breaking down GRC process phases and where engineering adds value26:52 How to work with auditors on engineering evidence and build trust31:53 Build vs. Buy: Finding the right approach for your organization size37:10 Building relationships with engineering teams through shared pain points39:33 How compliance can become an engineering roadmap for platform teams42:04 Key principles for scaling GRC Engineering programs beyond initial wins48:19 GRC Engineers & Analysts: Working together effectively across skill sets53:41 The magic wand question: Asset to control view and community education
--------
57:41
AI Agents as the next GRC Frontier w/ Shruti Gupta from Zania | S2E2
To view the notes from the podcast and much more, check out the episode summary on the GRC Engineer.
--------
1:06:27
Is GRC Engineering the next DevSecOps? w/ Justin from Klaviyo | S2E1
Join us for the first episode of Season 2 of the GRC Engineering Podcast, featuring Justin Pagano, Director of Security Risk, and Trust at Klaviyo.
Justin shares his journey through GRC, from his early days as a software engineer to being a catalyst of the GRC Engineering initiative.
He discusses the limitations of traditional documentation-heavy approaches and advocates for more engineering-driven practices in governance, risk, and compliance and how GRC Engineering could be the next DevSecOps.
Be warned, TPRM is taking repeated hits in this episode!
--------
57:37
GRC Engineering Podcast? The Who, the Why and the What w/ Ayoub Fandi | S1E1
Learn more about the why behind the podcast, some info about the background of the host as well as the main objectives of the GRC Engineering podcast.
The podcast helping Security GRC practitioners getting their career to the next level. We speak with trailblazers, innovators and experts in the GRC realm that champion an engineering-minded GRC practice.
Episodes are jam-packed with practical tips, concepts and use cases to help you scale your GRC program and create better relationships with your engineering and product colleagues.
Ireland