In this episode of Security & GRC Decoded, host Raj Krishnamurthy, CEO of ComplianceCow, sits down with Carlos Batista—former CISO and AWS Security Engineering Leader—to explore the evolving landscape of security, governance, and risk management.

Carlos shares his journey from leading security in highly regulated industries like banking and energy to championing large-scale security engineering at AWS. Together, they discuss how effective GRC programs can move beyond “checkbox” compliance to become true business enablers—accelerating growth, deepening customer trust, and supporting innovation across the enterprise.

Key takeaways include:
✅ Security Awareness & Practical Investments: Why Carlos believes traditional security awareness can be overrated, and how investing in secure-by-design infrastructure may deliver more value.
✅ Third-Party Risk Management: Insights on why TPRM remains fractured, and what it’ll take to move from endless vendor questionnaires to streamlined trust and assurance.
✅ CISO Stress & Leadership: How security leaders can manage the personal and legal pressures of the role, build credibility, and foster healthy collaboration with engineering teams.
✅ Future of GRC: From infrastructure-as-code to automagically patching vulnerabilities—where Carlos sees security, compliance, and governance headed next.

Tune in to hear practical insights, real-world strategies, and a fresh perspective on the intersection of security, compliance, and business success in today’s fast-changing regulatory landscape.

🎙️ Security & GRC Decoded is brought to you by ComplianceCow.

Make sure to rate and review the show to let us know you're enjoying the content!

Subscribe now for expert insights from industry leaders shaping the future of security & compliance.

Learn More About How ComplianceCow Can Help Your GRC Team Today!

🎙️ Follow Carlos Batista:
Stay connected with Carlos’s insights and experiences by following him on LinkedIn:
linkedin.com/in/carlos-m-batista/