Ayoub Fandi

GRC Engineer

The podcast for practitioners applying systems thinking and engineering principles to GRC.We speak with GRC leaders, security engineers and practitioners transforming legacy GRC through automation, orchestration, and architectural thinking. Learn how to design scalable systems, build better workflows and solve coordination challenges. GRC Engineering works everywhere: from spreadsheets to enterprise platforms, AI startups to Fortune 500s. It also works for you! Hosted by Ayoub Fandi, founder of GRC Engineer, co-author of the GRC Engineering manifesto and leading GRC Engineering at GitLab.

Autor

Ayoub Fandi

Categoría

Technology

Web del podcast

www.grcengineer.com

Último episodio

5 de mar. de 2026

¿Dónde escuchar?

Podcasts en la app Replaio Radio Muy pronto

Los podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts

Descárgala en Google Play Instálala gratis Android 5 M+ de descargas · valoración de 4,8 iOS muy pronto

Episodios

AIUC-1: The First Compliance Framework for AI Agents w/ Rajiv from AIUC and Danny from Schellman 05.03.2026

Every compliance framework you know was built for deterministic systems. AI agents are not deterministic. That's why AIUC-1 was born. In this episode, I sit down with Danny from Schellman and Rajiv Dattani, co-founder of AIUC, to break down the first compliance framework purpose-built for AI agents. We cover the six pillars (data & privacy, security, safety, reliability, accountability, so...

GRC meets Enterprise Security: TPRM, Compliance, Zero Trust and M&A w/ Kane Narraway from Canva 02.12.2025

Paramify is making FedRAMP (Rev 5 or 20x), GovRAMP & CMMC fun. Get your $750 Gap Assessment at paramify.com/grc --- What happens when you have to merge three operating systems, satisfy FedRAMP requirements, and keep engineers happy whilst building enterprise security at scale? In this episode, Kane Narraway, previously leading enterprise security at Atlassian, building Zero Trust at Shopify, a...

Beyond the Screenshot: Why Auditors Don't Trust Platforms & What Quality Really Costs w/ Troy Fine 11.11.2025

Paramify is making FedRAMP (Rev 5 or 20x), GovRAMP & CMMC fun. Get your $750 Gap Assessment at paramify.com/grc---Troy Fine has conducted hundreds of SOC 2 audits over 15 years. In this conversation, he reveals uncomfortable truths about the audit market that most practitioners won't discuss openly. His most explosive admission: "Nobody can measure audit quality." Not TPRM teams....

From Checklists to Code: Engineering the Future of FedRAMP w/ Pete Waterman 28.10.2025

Paramify is making FedRAMP (Rev 5 or 20x), GovRAMP & CMMC fun. Get your $750 Gap Assessment at paramify.com/grc. To get access to the deep-dive transcript, subscribe to the GRC Engineer newsletter: grcengineer.com/subscribe Wrong ink colours. $300,000 authorizations. Congressional investigations within the first month. How do you fix federal compliance from the inside? In this episode, Pete Wa...

Rebuilding GRC from Scratch: Build-First Engineering w/ Emre & Chad from Docker 14.10.2025

To get access to the deep-dive transcript, subscribe to the GRC Engineer newsletter: grcengineer.com/subscribe How do you build a modern GRC programme when you inherit processes designed for a team three times your size, in an organisation where "compliance frameworks were owning us instead of us owning them"? In this episode, Emre Ugurlu and Chad Fryer from Docker share their journey tr...

Unfiltered conversation with a GRC Software Engineer w/ Varun Gurnaney, Staff Security Engineer 06.09.2025

Check out grcengineer.com to learn more! SummaryIn this engaging conversation, Ayoub Fandi and Varun Gurnaney explore the evolving landscape of Governance, Risk, and Compliance (GRC) engineering. Varun shares his unique journey from cybersecurity to GRC, emphasizing the importance of automation and collaboration between engineering and compliance teams. They discuss the challenges faced in GRC, th...

The GRC Engineering Blueprint for the Public Sector w/ Dr. Ibrahim Waziri Jr. from Google 26.08.2025

To learn more, check out grcengineer.com Summary In this episode, Dr. Ibrahim Waziri Jr. shares his extensive experience in GRC engineering and cybersecurity, discussing the evolution of compliance from static documentation to dynamic, automated processes. He emphasizes the importance of GRC engineering in bridging different governance models and enhancing operational efficiency. The conversation...

Deep-dive on Cyber Risk Quantification and GRC w/ Tony Martin-Vegue from Netflix 29.07.2025

To learn more, go to grcengineer.com SummaryIn this episode of the GRC Engineer podcast, host Ayoub interviews Tony Martin-Vegue, a seasoned expert in risk quantification and GRC engineering. They discuss Tony's career journey from IT to risk management, the importance of cyber risk quantification, and the interplay between governance, risk, and compliance. Tony shares insights on the benefits...

Beyond the API: GRC Engineering in the Real World w/ Ange Ferrari, CISO/SVP @ METRO AG 01.07.2025

Want more? Subscribe to the GRC Engineer newsletter for exclusive content including a detailed transcript of this episode in next week's edition: https://grcengineer.com/subscribe In this insightful episode of the GRC Engineering Podcast, host Ayoub Fandi sits down with Ange Ferrari , SVP & CISO at Metro Group, for a deep dive into how GRC has evolved over two decades and what it takes to...

Third-Party Risk Management from the Trenches w/ Blake, McKenna and Kristi | Experts Panel 20.05.2025

Want more? Subscribe to the GRC Engineer newsletter for exclusive content including a detailed transcript of this episode in next week's edition: https://grcengineer.com/subscribe In this premiere episode of the GRC Engineering Podcast Experts Panel, host Ayoub Fandi brings together three seasoned Third-Party Risk Management (TPRM) practitioners to discuss the real-world challenges and innovat...

The Unfiltered GRC Automation Roundtable: 7 Platform Executives on Enterprise GRC & Commoditisation 25.03.2025

In this groundbreaking episode of the GRC Engineering Podcast, we bring together executives from the 7 leading GRC automation platforms for an unprecedented discussion on the future of compliance automation. For the first time ever, leaders from Vanta, Drata, Anecdotes, Secureframe, Sprinto, Scrut Automation, and Thoropass share the same virtual stage to debate critical industry topics, challenge...

Scaling GRC Engineering: The Definitive Guide w/ Akhila Chitiprolu from Sierra | S2E3 18.03.2025

If you enjoy the podcast, feel free to subscribe to the GRC Engineer newsletter: grcengineer.com/subscribe In this episode of The GRC Engineering Podcast, host Ayoub Fandi speaks with Akhila Chitiprolu, head of GRC at Sierra and former GRC leader at Stripe, Expedia, and T-Mobile. Akhila shares her journey from engineering to GRC leadership and offers deep insights on transforming traditional compl...

AI Agents as the next GRC Frontier w/ Shruti Gupta from Zania | S2E2 02.12.2024

To view the notes from the podcast and much more, check out the episode summary on the GRC Engineer .

Is GRC Engineering the next DevSecOps? w/ Justin from Klaviyo | S2E1 21.10.2024

Join us for the first episode of Season 2 of the GRC Engineering Podcast, featuring Justin Pagano, Director of Security Risk, and Trust at Klaviyo. Justin shares his journey through GRC, from his early days as a software engineer to being a catalyst of the GRC Engineering initiative. He discusses the limitations of traditional documentation-heavy approaches and advocates for more engineering-drive...

GRC Engineering Podcast? The Who, the Why and the What w/ Ayoub Fandi | S1E1 19.10.2024

Learn more about the why behind the podcast, some info about the background of the host as well as the main objectives of the GRC Engineering podcast.

Genesis of a GRC Engineering program w/ Akshay Finney from Zoom | S1E6 04.03.2024

Join Akshay Finney, a GRC Engineering team lead at Zoom, as he dive into the dynamic realm of security engineering and GRC integration. Uncover the importance of translating security requirements into engineering language, the evolving role of GRC engineering, the importance taking an engineering approach to security programs and the importance of collaboration with product teams to advance the GR...

Getting Technical about Compliance w/ Vic Bhatia from ComplianceFoundry.ai | S1E5 12.02.2024

Explore the evolution of compliance engineering with Vic Bhatia, CEO of Compliance Foundry, as he shares insights from his journey, including experiences at Meta. Discover the challenges and solutions in aligning compliance with engineering incentives and the future of automated compliance solutions in the cloud.

Overcome your GRC challenges w/ Chris Hughes and Lloyd Evans from Aquia | S1E4 09.01.2024

With Chris and Lloyd from Aquia, you'll learn more about why we need GRC Engineering, what skills you need to work on and the impact of innovations (such as AI) on how we should view our field.

Think in Systems w/ Simon Goldsmith from OVO | S1E3 14.12.2023

Episode Summary In this episode, I welcome Simon Goldsmith, the Head of Information Security at OVO and a seasoned security leader with over 20 years of experience across industries like defence, financial services, and retail. Simon shares his journey from working on helicopter survivability for the Ministry of Defence to leading security efforts at OVO, focusing on systems thinking and the evolv...

Engineering your GRC program w/ Charles Nwatu from Netflix | S1E2 28.11.2023

Charles will give us an overview of how GRC can benefit from an engineering mindset and DevOps practices. We cover a lot of ground and also discuss future developments that could propel the industry further towards continuous assurance.

Escucha el podcast GRC Engineer en Replaio

Radio y podcasts en una sola app - gratis y sin registro. Instálala hoy y no te pierdas el estreno

Descárgala en Google Play

Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos