Security & GRC Decoded
Security & GRC Decoded
Podcast Description
How today’s top organizations navigate the complex world of governance, risk, and compliance (GRC).
Security & GRC Decoded brings you actionable strategies, expert insights, and real-world stories that help professionals elevate their security and compliance programs.
Hosted by Raj Krishnamurthy.
It’s for security professionals, compliance teams, and business leaders responsible security GRC and ensuring their organizations’ are safe, secure and adhere to regulatory mandates.
Security & GRC Decoded brings you:
+ Actionable strategies.
+ Expert insights.
+ Real-world stories to elevate your Security GRC programs.
Each episode explores frameworks, risk management strategies, and innovations shaping the future of GRC – from practitioners in the trenches.
Subscribe now to unlock the tools and knowledge you need to succeed.
Podcast Insights
Content Themes
The podcast explores vital topics in security governance, risk management, and compliance, with episodes such as Engineering Better Relationships highlighting the engineering perspective in GRC and navigating AI Risks sharing crucial AI security insights, creating a comprehensive approach to modern security strategies
How today’s top organizations navigate the complex world of governance, risk, and compliance (GRC).Security & GRC Decoded brings you actionable strategies, expert insights, and real-world stories that help professionals elevate their security and compliance programs. Hosted by Raj Krishnamurthy.It’s for security professionals, compliance teams, and business leaders responsible security GRC and ensuring their organizations’ are safe, secure and adhere to regulatory mandates.Security & GRC Decoded brings you:+ Actionable strategies.+ Expert insights.+ Real-world stories to elevate your Security GRC programs.Each episode explores frameworks, risk management strategies, and innovations shaping the future of GRC – from practitioners in the trenches.Subscribe now to unlock the tools and knowledge you need to succeed.
How do you build real trust between GRC and engineering? In this episode of Security & GRC Decoded, host Raj Krishnamurthy welcomes Tristan Ingold, Security GRC Program Manager at Meta. Tristan shares how consulting shaped his approach, why “policing” doesn’t work, and how GRC earns influence by acting as a partner to engineering — not a blocker.
He discusses the cultural friction between audit, security, and product teams, how to communicate in the language of engineering, and why the right role for GRC is a “sparring partner” that helps teams ship safer, faster. From reframing control objectives to focusing on evidence the business already produces, this conversation is a practical playbook for building credibility and velocity at the same time.
5 Key Takeaways
- Partnership Over Policing: GRC earns influence by modeling partnership behaviors and meeting teams where they are.
- Translate Controls to Engineering: Use product language and existing telemetry; design evidence around the way the system actually works.
- Make It Observable: Treat GRC like an observability layer — surface risk signals the business already emits.
- Tell the Story, Not the Score: Dashboards support the narrative; they aren’t the narrative. Lead with context and trade-offs.
- Define the Right Role: The best GRC teams act as a sparring partner —challenging, supportive, and focused on outcomes.
What You’ll Learn
- How to rebuild trust with engineering after “audit fatigue”
- Practical ways to convert control requirements into product language
- How to design evidence from logs, pipelines, and tickets you already have
- When to push, when to partner, and how to escalate with credibility
- Communicating risk trade-offs without killing roadmap velocity
Connect With Our Guest:
Tristan Ingold | Security GRC Program Manager | Meta
This podcast is brought to you by ComplianceCow – the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence.
Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:
Disclaimer
This podcast’s information is provided for general reference and was obtained from publicly accessible sources. The Podcast Collaborative neither produces nor verifies the content, accuracy, or suitability of this podcast. Views and opinions belong solely to the podcast creators and guests.
For a complete disclaimer, please see our Full Disclaimer on the archive page. The Podcast Collaborative bears no responsibility for the podcast’s themes, language, or overall content. Listener discretion is advised. Read our Terms of Use and Privacy Policy for more details.