GRC Engineer

With Chris and Lloyd from Aquia, you'll learn more about why we need GRC Engineering, what skills you need to work on and the impact of innovations (such as AI) on how we should view our field.

Episode Summary In this episode, I welcome Simon Goldsmith, the Head of Information Security at OVO and a seasoned security leader with over 20 years of experience across industries like defence, financial services, and retail. Simon shares his journey from working on helicopter survivability for the Ministry of Defence to leading security efforts at OVO, focusing on systems thinking and the evolving role of GRC in fast-paced environments. The discussion dives deep into the challenges of balancing speed and security, the importance of collaboration in regulatory compliance, and how personal responsibility for CISOs is shaping the future of security leadership. Key Topics Discussed 💼 Career Journey: Simon reflects on his career path, starting in the defense sector with the Ministry of Defense, moving through financial services and retail, and eventually taking on his current role at OVO. 🌀 Systems Thinking in Security: Insights into how Simon applied systems engineering concepts like "the survivability onion" to improve security outcomes across different industries. 📹 Balancing Speed and Security: A discussion on how fast-moving environments like defense and private sectors can integrate security assurance early in development to achieve better outcomes. 📃 Regulatory Challenges Across Jurisdictions: Simon shares his experiences navigating complex regulatory landscapes in Asia-Pacific and Europe, including personal liability challenges for CISOs. 💼 Leadership and Collaboration: Emphasizing the importance of strong teams and relationships to manage stress and uncertainty in high-stakes environments. 🚅 Forward-Looking Reflections: Simon discusses his current mission at OVO, supporting zero-carbon living through tech-enabled energy retail while addressing broader societal challenges. Notable Quotes "The time horizon of the board is radically different from that of an engineer in a sprint." "Balancing prevention with a positive attitude towards detection and discovery is key to building effective systems." "Bringing assurance teams into the development lifecycle early can lead to better security outcomes—not just better documentation." "Personal liability for CISOs is a growing challenge; it requires courage to take on such roles." Useful links Simon Goldsmith’s LinkedIn OVO Energy Guest Bio Simon Goldsmith is an accomplished information security leader with over two decades of experience across defense, financial services, retail, and energy sectors. Currently serving as Head of Information Security at OVO, Simon has a passion for systems thinking and collaborative leadership to drive impactful security outcomes. Call to Action If you enjoyed this episode, please subscribe to our podcast for more insights into GRC Engineering and cybersecurity leadership. Don’t forget to leave a review if you found value in this conversation! For questions, guest ideas, or feedback, reach out to me on LinkedIn.

Charles will give us an overview of how GRC can benefit from an engineering mindset and DevOps practices. We cover a lot of ground and also discuss future developments that could propel the industry further towards continuous assurance.