Scaling GRC Engineering: The Definitive Guide w/ Akhila Chitiprolu from Sierra

https://is1-ssl.mzstatic.com/image/thumb/Podcasts221/v4/6e/41/d8/6e41d8e8-60a1-2cfa-dbe0-4fe8872a8f1d/mza_11900190343883545400.jpg/600x600bb.jpg

GRC Engineer

Ayoub Fandi

19 episodes

2 weeks ago

The podcast for practitioners applying systems thinking and engineering principles to GRC. We speak with GRC leaders, security engineers and practitioners transforming legacy GRC through automation, orchestration, and architectural thinking. Learn how to design scalable systems, build better workflows and solve coordination challenges. GRC Engineering works everywhere: from spreadsheets to enterprise platforms, AI startups to Fortune 500s. It also works for you! Hosted by Ayoub Fandi, founder of GRC Engineer, co-author of the GRC Engineering manifesto and leading GRC Engineering at GitLab.

Technology

RSS

All content for GRC Engineer is the property of Ayoub Fandi and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

https://d3t3ozftmdmh3i.cloudfront.net/staging/podcast_uploaded_episode/39449802/39449802-1742211834590-9d6135348c0da.jpg

Scaling GRC Engineering: The Definitive Guide w/ Akhila Chitiprolu from Sierra | S2E3

GRC Engineer

57 minutes 41 seconds

10 months ago

Scaling GRC Engineering: The Definitive Guide w/ Akhila Chitiprolu from Sierra | S2E3

If you enjoy the podcast, feel free to subscribe to the GRC Engineer newsletter: grcengineer.com/subscribe

In this episode of The GRC Engineering Podcast, host Ayoub Fandi speaks with Akhila Chitiprolu, head of GRC at Sierra and former GRC leader at Stripe, Expedia, and T-Mobile.

Akhila shares her journey from engineering to GRC leadership and offers deep insights on transforming traditional compliance into engineering-driven programs that scale with modern technology companies.

Drawing from over a decade of experience across tech, fintech, telecom, and AI, she provides practical strategies for building GRC Engineering capabilities from the ground up.

Whether you're just starting your GRC Engineering journey or looking to scale existing efforts, this episode provides tactical advice on:

- Transforming control design for automation and scalability

- Convincing traditional auditors to accept API-driven evidence

- Building the business case for GRC Engineering investments

- Developing effective collaborations between technical and non-technical GRC staff

- Measuring and demonstrating the value of engineering

-driven compliance

- Creating a roadmap for continuous control monitoring

Key topics covered:

00:00 Introduction and guest background

02:58 Evolution of GRC: From spreadsheets to engineering-driven approaches

04:05 The biggest pain point: Evidence collection at scale across multiple frameworks

05:38 Why control design matters more than evidence automation alone

11:20 The tipping point for GRC Engineering adoption in organizations

13:30 Breaking down GRC process phases and where engineering adds value

26:52 How to work with auditors on engineering evidence and build trust

31:53 Build vs. Buy: Finding the right approach for your organization size

37:10 Building relationships with engineering teams through shared pain points

39:33 How compliance can become an engineering roadmap for platform teams

42:04 Key principles for scaling GRC Engineering programs beyond initial wins

48:19 GRC Engineers & Analysts: Working together effectively across skill sets

53:41 The magic wand question: Asset to control view and community education