Content provided by Raj Krishnamurthy. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Raj Krishnamurthy or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ko.player.fm/legal.

RGC, Not GRC: Why Risk Comes First ft Ricky Waldron

1:19:19

What if compliance wasn't just about passing audits—but about building trust from the ground up?

In this powerful episode of Security & GRC Decoded, Raj sits down with Ricky Waldron, Director of Security Audit & GRC at Navan, whose GRC experience spans tech giants like Microsoft, Disney, Oracle, and Smartsheet. Ricky shares how GRC is evolving into a strategic business partner, why automation and technical fluency are no longer optional, and what it takes to make compliance an engine of trust, not a blocker.

From FedRAMP horror stories to generative AI workflows, this conversation dives deep into the future of governance, risk, and compliance—and why it's time for GRC teams to start thinking like engineers.

🔑 5 Key Takeaways

  • 💥 Compliance = Security (If Done Right): Internal compliance based on risk and business needs often leads to stronger security outcomes than external certifications alone.
  • 🤝 Stop Policing, Start Partnering: GRC shouldn’t just point out problems—it should offer solutions and collaborate with teams to reduce risk.
  • 📊 Quantify Risk to Speak Leadership’s Language: Turn technical risk into business impact using frameworks like FAIR to get buy-in and budget.
  • ⚙️ Automation Is GRC’s Future: From policy drafting with AI to continuous control monitoring, GRC teams must become technical and leverage automation.
  • 🧩 GRC as a Sales Enabler: GRC isn't just an internal function—it builds trust with customers, shortens sales cycles, and helps close deals.

✅ Take Action

  • Explore risk-first approaches: Lead with R in GRC to align controls with actual business risks.
  • Invest in automation: Save engineering hours and scale audits with continuous evidence collection.
  • Use GenAI wisely: Leverage it for speed, but ensure strong human review before anything goes to auditors.

🔗 Powered by ComplianceCow.com – automate audits, collect evidence continuously, and shift GRC left.
🎧 Subscribe to Security & GRC Decoded for weekly insights from today’s top compliance leaders.
💼 Connect with Ricky Waldron on LinkedIn.

⏱ Timestamps (approx.)

00:00 – Intro
01:35 – Hot take on GRC
04:31 – Why GRC & Security clash
08:44 – GRC is storytelling
12:57 – Risk comes before compliance
16:08 – How to talk risk with execs
20:41 – Trust as a compliance goal
24:50 – Keeping your promises
27:54 – Why GRC struggles with automation
33:15 – Speaking engineers’ language
38:50 – GRC as the customer conduit
45:00 – GRC as sales enablement
47:15 – How Ricky learned FedRAMP
50:20 – What is FedRAMP 20X?
52:27 – Why OSCAL hasn’t taken off
56:15 – Would you use OSCAL commercially?
58:36 – GenAI in GRC workflows
1:02:31 – Using AI with auditors
1:06:45 – State of GRC tooling
1:12:30 – Getting budget for automation


21 episodes
