Share
))
HBO and The Ringer's Bill Simmons hosts the most downloaded sports podcast of all time, with a rotating crew of celebrities, athletes, and media staples, as well as mainstays like Cousin Sal, Joe House, and a slew of other friends and family members who always happen to be suspiciously available.
…
continue reading
Manage episode 516808592 series 3644937
Content provided by Raj Krishnamurthy. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Raj Krishnamurthy or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.
How do you build real trust between GRC and engineering? In this episode of Security & GRC Decoded, host Raj Krishnamurthy welcomes Tristan Ingold, Security GRC Program Manager at Meta. Tristan shares how consulting shaped his approach, why “policing” doesn’t work, and how GRC earns influence by acting as a partner to engineering -- not a blocker.
He discusses the cultural friction between audit, security, and product teams, how to communicate in the language of engineering, and why the right role for GRC is a “sparring partner” that helps teams ship safer, faster. From reframing control objectives to focusing on evidence the business already produces, this conversation is a practical playbook for building credibility and velocity at the same time.
5 Key Takeaways
- Partnership Over Policing: GRC earns influence by modeling partnership behaviors and meeting teams where they are.
- Translate Controls to Engineering: Use product language and existing telemetry; design evidence around the way the system actually works.
- Make It Observable: Treat GRC like an observability layer -- surface risk signals the business already emits.
- Tell the Story, Not the Score: Dashboards support the narrative; they aren’t the narrative. Lead with context and trade-offs.
- Define the Right Role: The best GRC teams act as a sparring partner --challenging, supportive, and focused on outcomes.
What You’ll Learn
- How to rebuild trust with engineering after “audit fatigue”
- Practical ways to convert control requirements into product language
- How to design evidence from logs, pipelines, and tickets you already have
- When to push, when to partner, and how to escalate with credibility
- Communicating risk trade-offs without killing roadmap velocity
Connect With Our Guest:
Tristan Ingold | Security GRC Program Manager | Meta
This podcast is brought to you by ComplianceCow - the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence.
Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:
22 episodes
