When GRC Stops Watching and Starts Working ft Ryan Schoeller, Director of Security & GRC @ Treasu... скачать в хорошем качестве

When GRC Stops Watching and Starts Working ft Ryan Schoeller, Director of Security & GRC @ Treasu...

In this episode of Security & GRC Decoded, Raj Krishnamurthy (  / rajkrishnamurthy  ) sits down with Ryan Schoeller (  / ryanschoeller  ) , Director of Security & GRC at Treasure Data (https://www.treasuredata.com/?utm_med...) , to challenge one of the most deeply rooted assumptions in the industry: that GRC should stay passive and “independent.” Drawing from his experience across startups, mid-market tech companies, and large enterprises, Ryan argues that the most effective GRC teams are the ones that actively participate in control monitoring, risk management, and operational decision-making. This conversation goes beyond audits and checklists, exploring how GRC can truly drive business value by protecting revenue, enabling growth, and embedding risk thinking into everyday operations. Key Takeaways: • GRC delivers the most value when it actively participates in monitoring controls, not just validating them after the fact. • Risk is the most critical — and most neglected — pillar of GRC, often confused with gaps or vulnerabilities. • Strong relationships with engineering and business teams are essential for GRC to gain meaningful access to data. • GRC engineering is not just about writing code; it’s about applying an engineering mindset to workflows, tooling, and processes. • Automation alone is not a business case — value comes from how freed-up time is reinvested. What You’ll Learn: • Why the “three lines of defense” model often breaks down in real organizations • How GRC teams can reduce compliance theater by becoming more operational • The difference between a vulnerability, a gap, and an actual risk • How to build a business case for GRC automation that leadership will support • Why front-ending GRC work (sales assurance, customer trust) often matters more than backend audit prep This podcast is brought to you by ComplianceCow (https://www.compliancecow.com/) — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com (https://www.compliancecow.com/) Watch more episodes: https://www.compliancecow.com/podcast (https://www.compliancecow.com/podcast...) Connect With Our Guest: Ryan Schoeller | Director of Security & GRC | Treasure Data Connect on LinkedIn:   / ryanschoeller   Rate, review, and share if you enjoyed the show! Subscribe to Security & GRC Decoded wherever you get your podcasts: Spotify: https://open.spotify.com/show/5pigcMw... Apple Podcasts: https://podcasts.apple.com/us/podcast...