#236 - Build a World Class GRC Program (with Matt Hillary)

In this episode of CISO Tradecraft, host G Mark Hardy sits down with Matt Hillary, the Chief Information Security Officer of Drata, to discuss governance, risk, and compliance (GRC) and trust management. They explore key topics such as the evolution of GRC, trust management, compliance automation, and the advent of AI in compliance processes. Matt shares insights on building a world-class GRC program, the challenges and opportunities in modern-day compliance, and the mental health aspects of being a cybersecurity leader. This episode is a must-watch for any cybersecurity professional looking to enhance their GRC strategies and compliance operations.

Big Thanks to our Sponsor Drata. You can learn more about them at https://drata.com/

Connect with Matt Hillary at https://www.linkedin.com/in/matthewhillary/

Transcripts - https://docs.google.com/document/d/1VzRQSEvgUwenDERlNn2bwlIpnz4QPQ15/ 

Chapters

• 01:39 Meet Matt Hillary: CISO of Drata
• 06:06 The Evolution of GRC and Trust Management
• 14:48 Continuous Compliance and Automation
• 19:26 Compliance as Code: The Future of GRC
• 22:18 The Importance of Getting It Right the First Time
• 23:15 Customer Compliance Challenges
• 24:21 Vendor Risk Management and Trust Building
• 26:26 Leveraging AI for Compliance and Risk Management
• 31:43 Evaluating Credibility of Third-Party Evidence
• 41:09 Common Mistakes in GRC Programs
• 43:56 Final Thoughts and Industry Call to Action