What happens when governance, risk, and compliance (GRC) collide with the everyday realities of the healthcare supply chain? On this episode of Power Supply, we're joined by David Williams, a healthcare supply chain leader with deep expertise in finance, risk, and compliance, to explore how cybersecurity, finance, procure-to-pay, and AI are all connected under the GRC umbrella. From process risks hiding in daily workflows to the growing urgency of cyber hygiene and AI governance, David explains why alignment across supply chain, finance, and IT is critical to protecting both operations and patient safety. Whether you're in the C-suite or working on the loading dock, this conversation breaks down what GRC really means for supply chain—and how to balance the equation for a smarter, safer future! Once you complete the interview, jump on over to the link below to take a short quiz and download your CEC certificate for 0.5 CECs! – https://www.flexiquiz.com/SC/N/ps15-07 #PowerSupply #Podcast #AHRMM #HealthcareSupplyChain #SupplyChain #GRC #Risk #Compliance #Governance #Cybersecurity
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Rob Teel, CTO, Oklahoma Department of Commerce, and Howard Holton, CEO, GigaOm.
Thanks to our show sponsor, Vanta
Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
All links and the video of this episode can be found on CISO Series.com
SonicWall SSL VPN flaws now being actively exploited
Acting federal cyber chief outlines his priorities
U.S.-based investors in spyware firms nearly tripled in 2024
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
Find the stories behind the headlines at CISOseries.com.
Meter: Visit https://meter.com/itcareer to book a demo
Cybersecurity is changing faster than ever — and the jobs of the future may not look like the ones you picture today. Everyone talks about hacking, red teaming, and pen testing, but there's a side of cybersecurity that's just as critical and often overlooked: GRC (Governance, Risk, and Compliance).
In this episode, I sit down with @UnixGuy (Abed Hamdan) to talk about the future of cybersecurity, why GRC might be the biggest hidden career opportunity, and what it really takes to break into the field. We'll cover who should consider GRC, the skills you need to succeed, and how AI and automation are reshaping the industry.
Whether you're brand new to tech or looking to pivot your career, this conversation will give you insider knowledge most people miss.
The npm incident: nothing to fret about?
Cursor Autorun flaw lets repositories execute code without consent
Senator Wyden urges FTC to probe Microsoft over Ascension hack
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
Thousands had data leaked in blood center ransomware attack
UK Electoral Commission recovers, 3 years after China hack
Npm packages with 2 billion weekly downloads targeted in supply chain attack
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Andy Ellis, principal of Duha. Joining us is Jason Loomis, CISO, Freshworks.
In this episode:
Making organizations take their security medicine
Building CISO support systems
Holding the door for humans
Underappreciated risks: beyond the headlines
Huge thanks to our sponsor, Safe Security
SAFE is the category leader in Cyber Risk Quantification (CRQ) and the first vendor to deliver fully autonomous Third-Party Risk Management. We help CISOs, GRC, and TPRM leaders continuously and efficiently quantify, prioritize, and mitigate cyber risks across their entire attack surface — enabling digital growth and resilience. Learn more at tprmdemo.safe.security.
In this episode, we demystify the often misunderstood world of surveillance in financial services with Emily Wright, a leading expert in compliance and risk management. Emily breaks down the complexities of employee surveillance, highlighting its real value beyond mere compliance theater. She emphasizes the critical role of human behavior in shaping effective risk management strategies. Join us as we explore how understanding these dynamics can transform your organization's approach to surveillance and foster a culture of integrity and accountability.
SHOW NOTES
01:25 Career Journey
08:18 Behind the Screens Book
11:43 Obstacles for Trade Surveillance
14:11 Changes for Comms Surveillance
17:35 Technology & AI Influences
22:42 Do the 3 Lines of Defense Hold?
GhostAction campaign targets GitHub
Scam centers see huge growth in Myanmar
GPUGate targets IT firms
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
RSA Archer isn't just a GRC tool; it's the backbone of how enterprises manage risk, compliance, and resilience at scale. In this InfosecTrain session, we break down the top 5 practical use cases every Governance, Risk, and Compliance (GRC) professional should master.
In this episode, Mike Elkins maps a whole-of-business blueprint for digital safety that actually reduces risk you can measure. We break down what “holistic” really means in practice: identity as the control plane, data-centric design, continuous verification, least privilege, segmentation that shrinks blast radius, and automation that removes human bottlenecks. From cloud and SaaS to OT/IoT and third-party risk, Chase shows how to connect policy, architecture, and operations so security becomes a repeatable system—not a pile of tools.
Takeaways
Why piecemeal controls create “debt-in-depth”
How to center Zero Trust on identities, not networks
Pragmatic micro-segmentation and just-in-time access
A simple metric stack for the board (exposure, blast radius, dwell time)
How to align GRC with day-to-day enforcement
No FUD. No silver bullets. Just the playbook to make “holistic” real.
New malware phishing campaign hidden in SVG files
Anthropic agrees to pay $1.5bn in book piracy lawsuit
Qantas penalizes executives for cyberattack
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
Find the stories behind the headlines at CISOseries.com.
Innovation comes in many areas, and compliance professionals need to not only be ready for it but embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers and creators in the award-winning Innovation in Compliance podcast. In this episode, host Tom Fox visits with Lori Crooks, a seasoned professional in the field of cybersecurity and audit assessments, to discuss the evolution of auditing practices from physical infrastructure to cloud and AI. Lori shares insights from her extensive career, highlighting key federal compliance frameworks like NIST 800-53, FedRAMP, and NIST 800-171. Lori stresses the importance of proactive compliance strategies and scalable GRC programs. As AI integration accelerates, she also touches on the challenges of adjusting compliance frameworks to keep pace with technological advancements, and the necessity of fostering collaboration within organizations to meet regulatory requirements effectively.
Key Highlights
Federal Auditing Frameworks
Proactive Compliance Strategies
Scalable GRC Programs
AI and Compliance Landscape
Future of Auditing in the Age of AI
Resources
Lori Crooks on LinkedIn
Cadra
Tom Fox: Instagram, Facebook, YouTube, Twitter, LinkedIn
Check out my latest book, Upping Your Game: How Compliance and Risk Management Move to 2023 and Beyond, available from Amazon.com. Innovation in Compliance was recently honored as the number 4 podcast in Risk Management by 1,000,000 Podcasts.
All links and images can be found on CISO Series. This week's episode is hosted by David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining them is Jennifer Swann, CISO, Bloomberg Industry Group.
In this episode:
Vulnerability management vs. configuration control
Open source security and supply chain trust
Building security leadership presence
AI governance and enterprise risk
Huge thanks to our sponsor, Vanta
Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started today at Vanta.com/CISO.
For the first time in Australia, a long-overdue inquiry into abuse and coercive control within cults and religious groups has been launched. The Victorian inquiry was initiated after reports of coercive behaviour at the Geelong Revival Centre, many of which were revealed by Richard Baker in the LiSTNR podcast Secrets We Keep: Pray Harder. In the series, Rich described the GRC, under the leadership of Pastor Noel Hollins, as one of Australia’s most extreme Pentecostal churches. Former members shared horrific allegations of historical child sex abuse cover-ups, tight control of their relationships, and harsh restrictions placed on the freedoms of women. In this special episode, we wanted to share episode one of Secrets We Keep: Pray Harder with you. If you want to binge the rest of the series, click here for episode 2 now. The interviews in this series were recorded during Pastor Noel Hollins' leadership of the Geelong Revival Centre. During production, Pastor Noel died. The experiences and allegations raised do not relate to the current leadership of the GRC. Lifeline 13 11 14.
See omnystudio.com/listener for privacy information.
Cheri Hotman and Tanya Wade cut through the checkbox mentality of audits to show why real compliance is about building programs that protect your people, data, and reputation year-round. From SOC 2 readiness to the pitfalls of over-relying on GRC tools, they share practical steps for prioritizing controls, assigning ownership, and reducing audit stress. If you've ever thought “we passed the audit—now what?”, this episode gives you the roadmap to continuous compliance with less chaos and more confidence.
Today's guest is Yogesh Ailawadi, Head of Products & Innovation - Identity, Safety and Security at Alert Enterprise. Founded in 2007, Alert Enterprise's mission is the seamless convergence of advanced physical access control, identity management and workspace automation. Their solutions are designed to empower businesses with secure, flexible and efficient work environments, catering to the dynamic needs of today's workforce. They understand that in the digital era, the security of physical and digital assets is paramount.
Yogesh leads Alert Enterprise's global product management and solutions engineering teams and brings over 15 years of experience in information security, identity and access governance across IT, physical and OT systems. He has led global deployments of PIAM/IAM solutions for Fortune 100/500 customers across various industries. Yogesh is well versed in industry regulatory standards with a deep understanding of engineering concepts and technologies, and their usage in the security domain.
In the episode, Yogesh discusses:
0:00 An insight into his 20-year career in security, product and innovation
3:10 Pioneering physical security governance across critical industries at Alert Enterprise
5:27 Expanding physical GRC by integrating with the ServiceNow platform
8:04 Seeing high demand from large, regulated industries using ServiceNow workflows
10:07 Product live on ServiceNow with focus on AI-driven access solutions
11:39 Focusing on product innovation, scaling through global partners
13:42 Bringing physical security workflows and AI use cases to ServiceNow
Listen to the essentials of the show La commission from Monday, August 25, 2025: Collège LaSalle has decided to postpone the start of its school year to protest the $30 million fine imposed on it by the Quebec government. Twenty years ago to the day, the GRC (the Royal Canadian Mounted Police) carried out a sweeping search of the Norbourg offices. Quebec learned with astonishment that the head of that company and his accomplices had managed to swindle 9,200 small savers. Many lost a lifetime of savings. Have your children asked you for a Labubu? These are plush toys, figurines and keychains that are hugely popular right now. What have been the biggest consumer hits of the past 50 years? Self-driving cars, giant screens … and now, karaoke in the car! Yes, we are a long way from the good old days when you had to stay 100% focused. Today it is clear: fun, comfort and, above all, entertainment behind the wheel. See https://www.cogecomedia.com/vie-privee for our privacy policy
Dave Sobel interviews John Harden, the director of strategy and technology evangelism at Auvik, discussing the evolution of SaaS management and its growing adoption in the industry. Since Auvik's acquisition of SaaSlio in 2022, the company has invested significantly in engineering efforts to enhance its SaaS management capabilities. Harden highlights the increasing need for visibility into SaaS applications due to rising cybersecurity threats and the growing importance of AI in business environments. He emphasizes that many organizations are now recognizing the necessity of understanding their SaaS assets, particularly in light of the proliferation of AI tools.
The conversation delves into the different ways organizations are consuming AI, with smaller companies typically using AI through SaaS applications, while larger organizations may develop their own models via APIs. Harden explains how Auvik's SaaS management platform provides visibility into both categories, allowing businesses to monitor AI usage and manage potential risks associated with shadow IT. He also discusses the recent release of SaaSOps, which enhances visibility and integrates with popular tools to provide deeper insights into API usage and license management.
As organizations begin to shift back to on-premises servers due to the high costs associated with AI workloads, Auvik has responded by introducing server management capabilities. Harden notes that this new feature allows for comprehensive monitoring of on-premises infrastructure, ensuring that businesses can effectively manage their IT assets regardless of where they are hosted. This adaptability is crucial as companies navigate the complexities of their IT environments, whether they are utilizing cloud services or traditional on-premises solutions.
Looking ahead, Harden expresses optimism about the growth of compliance and governance, risk, and compliance (GRC) solutions, which he believes will foster stronger relationships between managed service providers (MSPs) and their clients. He emphasizes the importance of asset visibility in achieving compliance and cybersecurity goals, as well as in developing AI strategies. By continuing to expand its asset visibility portfolio, Auvik aims to support MSPs in meeting the evolving needs of their customers in a rapidly changing technological landscape.
All our Sponsors: https://businessof.tech/sponsors/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech
Innovation comes in many areas, and compliance professionals must be ready for and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. Today, we conclude our 3-part podcast series sponsored by Diligent with Jessica Czeczuga, Amanda Carty and Neta Meidav. In this Part 3, Tom is joined by Neta Meidav, Managing Director of Ethics & Compliance at Diligent, for a dive into technology innovations at Diligent. In this episode, Tom visits with Neta about her recent transition to Diligent following its acquisition of her GRC entity Vault. Neta discusses the strategic reorganization at Diligent that underscores their commitment to compliance technology, and how this alignment bodes well for the future of their technology. She also sheds light on the integration of AI within compliance solutions, exploring its transformative impact on risk prediction, investigation processes, and operational efficiency, while emphasizing the enduring importance of human expertise in ethical decision-making.
Key Highlights
The Acquisition Journey
Role and Responsibilities at Diligent
AI and Compliance Technology
Predictive Risk and Future of AI in Compliance
Resources:
Neta Meidav on LinkedIn
Diligent
Tom Fox: Instagram, Facebook, YouTube, Twitter, LinkedIn
Cybersecurity & Compliance w/ Paige Hanson of Secure Labs - AZ TRT S06 EP15 (277) 8-17-2025
What We Learned This Week:
A cybersecurity breach can cost more than just data—it can damage infrastructure and destroy client confidence.
Even smaller companies (50–100 employees) need structured safeguards, compliance, and often outside MSSPs to stay secure.
Secure Labs provides a roadmap for companies to meet regulatory standards like HIPAA, ISO 27001, and SOC 2, helping them win bigger clients.
AI-driven threats like voice cloning and deepfakes make personal and business digital security more important than ever.
Compliance isn't cheap—outside audits can run $5,000–$50,000 annually, while Big Four audits may exceed $100,000.
Guest: Paige Hanson, Co-Founder of Secure Labs
LinkedIn: https://www.linkedin.com/in/hello-paige-hanson
Founder of SecureLabs | Helping businesses meet their security compliance standards | Fractional GRC
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis (@csoandy), principal of Duha. Joining us is Gary Chan, CISO, SSM Health. Be sure to check out Gary's security mentalism website: https://www.gschan2000.com.
In this episode:
Decision-making with incomplete information
Translation beats technical expertise
Influence trumps authority for CISOs
Technical prowess creates adversaries
Huge thanks to our sponsor, Vanta
Automate, centralize, & scale your GRC program with Vanta. Vanta's Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: a recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.
Innovation comes in many areas, and compliance professionals need to be ready for it and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. In this episode, Tom Fox interviews Gaurav Kapoor, Vice Chairman, Co-Founder and Board Member of MetricStream, discussing his extensive professional background, from co-founding MetricStream to his current focus on customer intimacy amid AI market disruptions. Kapoor delves into the evolving landscape of risk management, emphasizing the importance of midyear reviews and integration of various risk themes like operational risk, audit compliance, and cybersecurity. He elaborates on the role of AI in GRC, stating how generative and agent AI can streamline compliance processes and enhance risk management strategies. The conversation also touches on the increasing significance of cybersecurity, geopolitical instability, and climate impact on risk assessment. Kapoor highlights the shift from compliance to a more resilient and risk-aware culture within organizations.
Key highlights:
Gaurav Kapoor's Professional Journey
The Importance of July in Risk Management
AI's Role in GRC
Emerging Risks and AI Applications
Counseling Boards on Risk Management
Top Concerns for the Second Half of 2025
Evolving Role of Compliance and Risk Officers
Resources:
MetricStream Website and on LinkedIn
Gaurav Kapoor on LinkedIn
Tom Fox: Instagram, Facebook, YouTube, Twitter, LinkedIn
In an era of black swan events, economic volatility, and rapid technological change, leaders must balance growth with governance to build organizations that endure. In this episode of CIO Talk Network, Dr. Ramesh Gopal, Chief Risk Officer for UAE & Saudi and Head of Credit Risk at CEEMEA for Deutsche Bank, joins host Sanjog Aul to share lessons from past crises, strategies for aligning agility with control, and ways to embed a risk-first mindset across the enterprise.
Topics Covered:
00:00 – Introduction
02:49 – When assumptions fail: Lessons from 2008
07:12 – Thresholds, policing, and human bias in risk
10:09 – The biggest illusion of preparedness
13:05 – Appetite, tolerance, and execution
16:54 – Bridging the GRC–business gap
20:51 – Real-time, modern risk management
24:04 – Risk in the citizen development era
27:20 – Decentralizing risk ownership
33:29 – Challenges in building a risk-aware culture
36:08 – Blueprint for future-ready risk management
40:30 – An appeal to business & tech leaders
43:16 – G² + R²: Good growth and right risk
This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, co-host, Defense in Depth.
Thanks to our show sponsor, Vanta
Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
All links and the video of this episode can be found on CISO Series.com
New wave of NFC relay fraud, call hijacking, and root exploits in banking sector
Canada's House of Commons suffers cyberattack
Zoom fixes critical Windows client flaw that could enable privilege escalation
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
Find the stories behind the headlines at CISOseries.com.
Hack of federal court filing system exploited security flaws known since 2020
Pennsylvania attorney general says cyberattack knocked phone, email systems offline
Spike in Fortinet VPN brute-force attacks raises zero-day concerns
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
The hits just keep on coming
Where's the Little Dutch Boy when you need him?
I felt the ransomware down in Africa
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
Find the stories behind the headlines at CISOseries.com.
North Korean crypto theft
Microsoft rolls out PC backup during attack
U.S. charges four in $100M global fraud scheme
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
DARPA awards $4 million prize for AI code review at DEF CON
North Korea ScarCruft group adds ransomware to its activities
Columbia University hack affects over 860,000
Huge thanks to our sponsor, Vanta
Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.
Find the stories behind the headlines at CISOseries.com.
Innovation comes in many areas, and compliance professionals must be ready for and embrace it. Join Tom Fox, the Voice of Compliance, as he visits with top innovative minds, thinkers, and creators in the award-winning Innovation in Compliance podcast. Today, we begin a 3-part podcast series sponsored by Diligent with Jessica Czeczuga, Amanda Carty and Neta Meidav. In Part 2, Tom is joined by Amanda Carty, GM Compliance Solutions at Diligent. Carty shares insights from her decade-long experience in the GRC field and offers detailed perspectives on how leaders can model ethical behavior within their organizations. The conversation dives into how Diligent helps companies assess and document leadership effectiveness and the role of AI in enhancing compliance initiatives. Carty emphasizes the necessity of leaders acting as ambassadors of culture and the impact of measurable outcomes in compliance programs. The episode also explores the integration of AI and chatbots to provide real-time compliance support to employees, ensuring efficiency and ease of access to crucial information.
Key Highlights
Importance of Tone at the Top
Leadership and Ethical Culture
AI in Compliance
Employee Engagement and Technology
Actionable Takeaways for Compliance Professionals
Resources:
Amanda Carty on LinkedIn
Diligent
Tom Fox: Instagram, Facebook, YouTube, Twitter, LinkedIn
Governance, risk, and compliance (GRC) has long been burdened by heavy manual processes, slow assessments, and limited visibility. In this Brand Story episode, Sean Martin and Marco Ciappelli are joined by Anders Søborg, Co-Founder of Eve, and Mark Humphrey, who brings two decades of fraud and cybersecurity experience to the team. Together, they unpack how Eve is challenging traditional GRC tools by offering something entirely different: automation with evidence-based intelligence at its core.
Anders shares how his experience as Chief Risk Officer and partner at major firms like Ernst & Young and PwC shaped Eve's mission. He describes a world where compliance doesn't have to mean complexity. Eve's AI engine evaluates more than a thousand controls in under 15 minutes—surpassing manual reviews that could take weeks—and goes a step further by offering recommendations, not just red flags.
This isn't about replacing people. It's about helping overwhelmed compliance, risk, and audit teams regain control. Mark emphasizes how Eve operates like a true partner, delivering support with no ego and full transparency. Their approach combines deep regulatory knowledge, contextual AI agents trained on real-world frameworks, and a clear respect for data sovereignty and privacy—an essential requirement for global pharma, financial, and consulting clients already relying on the platform.
More than a dashboard, Eve acts as an intelligent engine embedded into existing workflows via API, making it a natural complement—not a competitor—to existing GRC platforms. The platform is customizable, evidence-driven, and built with firsthand knowledge of what compliance professionals actually need: clear guidance, real-time answers, and fewer repetitive tasks.
The episode leaves listeners with a compelling question: what if your compliance program could coach your team, reduce audit costs, and provide instant visibility—without sacrificing accuracy or control?
Learn more about E-V-E GRC: https://itspm.ag/eve-grc-99
Note: This story contains promotional content.
Guests:
Anders Søborg, Co-founder, Director at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/anders-s%C3%B8borg-3826702/
Mark Humphrey, Senior Sales and Channel Director EMEA at E-V-E GRC | On LinkedIn: https://www.linkedin.com/in/m-humphrey-mba-0020192b1/
Resources
Redefine Compliance. Unleash Your Potential with E-V-E GRC. Command Compliance: https://itspm.ag/e-v-e-i1ml
Learn more and catch more stories from E-V-E GRC: https://www.itspmagazine.com/directory/evegrc
Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs
Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/
Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story
The Weekly Enterprise News (segments 1 and 2)
This week, we've had to make some last minute adjustments, so we're going to do the news first, split into two segments. This week, we're discussing:
Some interesting funding
Two acquisitions - one picked up for $250M, the other slightly larger, at $25 BILLION
Interesting new companies!
On the 1 year anniversary of that thing that happened, Crowdstrike would like to assure you that they're REALLY making sure that thing never happens again
Flipping the script
How researchers rooted Copilot, but not really
Talks to check out at Hacker Summer Camp
Detection engineering tips
The Cloud Security Alliance has a new AI Controls Matrix
Sending in the National Guard to handle a breach!
And how to read an AI press release
Interview: Guillaume Ross on Building Security from Scratch
Guillaume shares his experiences building security from scratch at Canadian FinTech, Finaptic. Imagine the situation: you're CISO, and literally NOTHING is in place yet. No policies, no controls, no GRC processes. Where do you start? What do you do first? Are there things you can get away with that would be impossible in older, well-established financial firms?
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-418
We're talking fishing with Patrick Yohon from GRC Trolling Flies in New York. Patrick started GRC while truck driving and has built it into one of the most popular lure manufacturers in Great Lakes fishing. Patrick makes trolling flies, laker bells, meat rigs, and much more. Today's conversation is from the Greater Niagara Fishing Expo back in February. For more Great Lakes fishing information, visit https://fishhawkelectronics.com/blog/
Summer, Soccer, and Saudi
For credits and this episode's transcript, visit globalreportingcentre.org/state-of-play/bonus-episode-3-summer-soccer-and-saudi/
State of Play is produced by the Global Reporting Centre (GRC) and distributed by PRX. The GRC is an editorially independent journalism organization based at the UBC School of Journalism, Writing, and Media. Founded in 2016, we are leaders in doing global journalism differently. We innovate industry practice, educate the next generation, and promote greater equity in journalism.
Learn more about the GRC: globalreportingcentre.org | Make a tax-deductible donation: globalreportingcentre.org/donate
AI Risk Management is essential, and in this episode, we discussed the critical guardrails you must implement now to keep your AI applications secure and trustworthy. Featuring Aayush Choudhury, CEO of Strut Automation, this conversation delves into key strategies for dependability in AI systems, tackling challenges like data leaks, unauthorized access, and prompt injection. Aayush brings deep expertise in GRC automation, sharing insights on ISO 42001, NIST AI RMF, and OWASP's top 10 for AI security. If you're navigating AI risk management in customer-facing or internal applications, this episode offers valuable guidance on designing robust frameworks and controls from the start. Learn how to safeguard sensitive information and ensure responsible AI use while staying ahead in an evolving digital landscape. If you want to be our guest or suggest someone, send your email to info@globalriskconsult.com with "Guest Suggestion" in the subject line.
In this episode of The Ethics Experts, Nick welcomes Anitha Vittal. Anitha is recognised as a global ethics, risk, compliance and internal audit leader with proven experience and expertise in establishing Centres of Excellence at GCCs across industry verticals. A passionate professional, she has over 23 years of service in leading and developing high performing teams across India, Europe and US markets. Her engagements include internal audit, risk management, compliance, business process and financial compliance, data privacy, SoX, GRC program management, and digitisation.
Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast
Will Sweeney, founding and managing partner of Zaviant, joins the Cyber Work Podcast to discuss the evolving landscape of data privacy and GRC (governance, risk and compliance). With experience overseeing complex information security audits for Fortune 100 companies, Will shares insights on everything from the key differences between security auditing and implementation to whether privacy regulatory frameworks will continue multiplying or begin consolidating. He offers practical advice for GRC aspirants, emphasizing the importance of understanding core security processes rather than getting lost in framework structures. Will also discusses the challenges of starting a consultancy practice and provides valuable career guidance for those looking to transition into the data privacy and compliance space.
0:00 - Intro
1:15 - Cybersecurity Salary Guide promo
2:30 - Will Sweeney and his early tech background
6:45 - Building his first high school website
9:20 - Career pivot from IT to data privacy and GRC
12:15 - Audit vs. implementation: Understanding the difference
16:30 - Starting Zaviant and the GDPR opportunity
20:45 - Current challenges in data privacy compliance
24:10 - Common security gaps companies overlook
28:30 - Breaking into GRC: Skills and career advice
32:45 - Starting a consultancy: Hidden challenges
36:20 - The future of privacy regulations and AI impact
40:15 - Career advice for help desk professionals
41:30 - Closing thoughts
View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast
About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
FIFA's Club World Cup Circus
For credits and this episode's transcript, visit globalreportingcentre.org/state-of-play/bonus-episode-2-fifas-club-world-cup-circus/
State of Play is produced by the Global Reporting Centre (GRC) and distributed by PRX. The GRC is an editorially independent journalism organization based at the UBC School of Journalism, Writing, and Media. Founded in 2016, we are leaders in doing global journalism differently. We innovate industry practice, educate the next generation, and promote greater equity in journalism.
Learn more about the GRC: globalreportingcentre.org | Make a tax-deductible donation: globalreportingcentre.org/donate
In this episode, we sit down with Jim Manico, a longtime industry AppSec Leader, Educator, and Innovator, to discuss enhancing software security in the era of AI. This includes covering recent talks Jim has given about using AI as a force multiplier for software development, the importance of security-centric prompting, and the overall impact of AI on the field of AppSec.
We discussed:
A recent talk Jim gave where he discussed transforming secure software creation with AI, doing the work of teams of people on his own, and what used to take tens of thousands of hours, through the use of agents and various frontier models and offerings.
The importance of security-centric prompting and guidance for models to produce secure code, and the impact on vulnerability velocity by doing so.
The risks of the broader developer community leaning into these tools without adding security-centric prompts and guidance, but also the opportunity for prompt libraries and enterprise controls to lead to systemic secure software development within the enterprise.
The workforce implications of AI-driven development and the need to upskill to stay relevant (and employable).
Where Jim sees opportunity beyond just AppSec when it comes to AI and Cybersecurity, in other areas such as GRC and SecOps as well.
Look Out! Another Outlook Outage
Iranian APTs increased activity against U.S. industries in late spring
Russian basketball player arrested in France over alleged ransomware ties
Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines
Find the stories behind the headlines at CISOseries.com.
Link to episode page. This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jim Bowie, vp, CISO, Tampa General Hospital. Thanks to our show sponsor, Vanta. All links and the video of this episode can be found on CISO Series.com
AMD warns of new Meltdown, Spectre-like bugs affecting CPUs
Multiple vulnerabilities in Mozilla Thunderbird could allow for arbitrary code execution
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
More than $40 million stolen from GMX crypto platform
Huge thanks to our sponsor, Vanta. Get started at Vanta.com/headlines
Four members of President Trump's cabinet impersonated
Is this some kind of a game?
Batavia attacks Russian industrial companies
Huge thanks to our sponsor, Vanta. Get started at Vanta.com/headlines
All links and images can be found on CISO Series. This week's episode is hosted by me, David Spark, producer of CISO Series and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Anthony Candeias, CISO, Weight Watchers.
In this episode:
AI agents require structured supervision, not autonomy
Hiring for potential over credentials in cybersecurity
AppSec training effectiveness depends on organizational relevance
AI oversight requires purpose-built models, not general solutions
A huge thanks to our sponsor, Vanta. Vanta's Trust Management Platform helps 10k+ companies—like Atlassian, Quora, and Chili Piper—start and scale their security programs and build trust with buyers. Vanta saves security teams time and improves program visibility by automating 35+ compliance frameworks, such as SOC 2 and ISO 27001, and GRC workflows, like risk management. Get started at Vanta.com/CISO
Why fear compliance when it can fuel your growth? In this rich and revealing episode from IT Nation Secure 2025, Joey Pinz sits down with Ozzie Saeed, founder of IntelliGRC, to unpack why MSPs should stop dreading cybersecurity frameworks like CMMC—and start seeing them as strategic advantages.
When I last spoke with Gaurav Kapoor five years ago, we were in the thick of a global pandemic. Remote work was still a novelty for many, AI was a distant concept for most businesses, and regulatory frameworks were trying to keep pace with the speed of technological change. Fast forward to today, and the conversation around AI and governance, risk, and compliance (GRC) has shifted dramatically. This made it the perfect time for a long-overdue catch-up.
In this episode, I welcomed back Gaurav, Vice Chairman and Co-founder of MetricStream, to discuss the changing face of GRC in an AI-driven world. AI has now reached a level of ubiquity that places it alongside electricity and Wi-Fi as a foundational layer of both business and everyday life. But with that integration comes risk, and with risk comes the need for smarter, more adaptive governance. Gaurav shared how AI is no longer just about efficiency gains. It is becoming embedded into the fabric of enterprise risk frameworks, from real-time regulatory monitoring to predictive analytics and risk forecasting.
We talked about the impact of the current political climate, including policy shifts following President Trump's return to office and how deregulation narratives are colliding with the complexity of global compliance expectations. This was not just a theoretical discussion. Gaurav broke down real-world use cases that show how large enterprises are navigating everything from redundant compliance testing to emerging threats discovered through AI-driven analysis. He also spoke candidly about the challenges ahead, how companies can fall behind if they wait too long to modernize their frameworks, and what is at stake when they fail to build trust into their AI systems.
So how do you evolve GRC in an age where the pace of change is relentless? What role does AI really play in risk leadership today? And how can companies move from reactive to proactive without losing control? Join me as we explore the next chapter of GRC with one of its leading voices.