GRC Engineer

Akhila Chitiprolu, Head of GRC at Sierra and former leader at Stripe, Expedia, and T-Mobile, reveals her journey from engineering to GRC leadership. She discusses transforming traditional compliance into scalable, engineering-driven programs. Key insights include automating controls for efficiency, engaging auditors early to build trust, and the importance of collaboration between technical and non-technical teams. Akhila also shares practical strategies for navigating compliance challenges and the need for continuous innovation to streamline GRC processes.

To view the notes from the podcast and much more, check out the episode summary on the GRC Engineer.

Join us for the first episode of Season 2 of the GRC Engineering Podcast, featuring Justin Pagano, Director of Security Risk, and Trust at Klaviyo. Justin shares his journey through GRC, from his early days as a software engineer to being a catalyst of the GRC Engineering initiative. He discusses the limitations of traditional documentation-heavy approaches and advocates for more engineering-driven practices in governance, risk, and compliance and how GRC Engineering could be the next DevSecOps. Be warned, TPRM is taking repeated hits in this episode!

Learn more about the why behind the podcast, some info about the background of the host as well as the main objectives of the GRC Engineering podcast.

Join Akshay Finney, a GRC Engineering team lead at Zoom, as he dive into the dynamic realm of security engineering and GRC integration. Uncover the importance of translating security requirements into engineering language, the evolving role of GRC engineering, the importance taking an engineering approach to security programs and the importance of collaboration with product teams to advance the GRC objectives

Explore the evolution of compliance engineering with Vic Bhatia, CEO of Compliance Foundry, as he shares insights from his journey, including experiences at Meta. Discover the challenges and solutions in aligning compliance with engineering incentives and the future of automated compliance solutions in the cloud.

With Chris and Lloyd from Aquia, you'll learn more about why we need GRC Engineering, what skills you need to work on and the impact of innovations (such as AI) on how we should view our field.

Episode Summary In this episode, I welcome Simon Goldsmith, the Head of Information Security at OVO and a seasoned security leader with over 20 years of experience across industries like defence, financial services, and retail. Simon shares his journey from working on helicopter survivability for the Ministry of Defence to leading security efforts at OVO, focusing on systems thinking and the evolving role of GRC in fast-paced environments. The discussion dives deep into the challenges of balancing speed and security, the importance of collaboration in regulatory compliance, and how personal responsibility for CISOs is shaping the future of security leadership. Key Topics Discussed 💼 Career Journey: Simon reflects on his career path, starting in the defense sector with the Ministry of Defense, moving through financial services and retail, and eventually taking on his current role at OVO. 🌀 Systems Thinking in Security: Insights into how Simon applied systems engineering concepts like "the survivability onion" to improve security outcomes across different industries. 📹 Balancing Speed and Security: A discussion on how fast-moving environments like defense and private sectors can integrate security assurance early in development to achieve better outcomes. 📃 Regulatory Challenges Across Jurisdictions: Simon shares his experiences navigating complex regulatory landscapes in Asia-Pacific and Europe, including personal liability challenges for CISOs. 💼 Leadership and Collaboration: Emphasizing the importance of strong teams and relationships to manage stress and uncertainty in high-stakes environments. 🚅 Forward-Looking Reflections: Simon discusses his current mission at OVO, supporting zero-carbon living through tech-enabled energy retail while addressing broader societal challenges. Notable Quotes "The time horizon of the board is radically different from that of an engineer in a sprint." "Balancing prevention with a positive attitude towards detection and discovery is key to building effective systems." "Bringing assurance teams into the development lifecycle early can lead to better security outcomes—not just better documentation." "Personal liability for CISOs is a growing challenge; it requires courage to take on such roles." Useful links Simon Goldsmith’s LinkedIn OVO Energy Guest Bio Simon Goldsmith is an accomplished information security leader with over two decades of experience across defense, financial services, retail, and energy sectors. Currently serving as Head of Information Security at OVO, Simon has a passion for systems thinking and collaborative leadership to drive impactful security outcomes. Call to Action If you enjoyed this episode, please subscribe to our podcast for more insights into GRC Engineering and cybersecurity leadership. Don’t forget to leave a review if you found value in this conversation! For questions, guest ideas, or feedback, reach out to me on LinkedIn.

Charles will give us an overview of how GRC can benefit from an engineering mindset and DevOps practices. We cover a lot of ground and also discuss future developments that could propel the industry further towards continuous assurance.