Content provided by Raj Krishnamurthy. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Raj Krishnamurthy or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://he.player.fm/legal.

“This GRC Space is Hot!” with Varun Gurnaney, Staff Security Engineer at Apple

53:30
 

How does a software engineer become a GRC leader? In this episode of Security & GRC Decoded, host Raj Krishnamurthy welcomes Varun Gurnaney, Staff Security Engineer at Apple. Varun shares his journey from writing janky Python scripts for compliance evidence collection to shaping the discipline of GRC engineering at some of the world’s biggest companies.

He discusses the cultural and technical gaps between security, engineering, GRC, and audit — and how automation can bridge them. From building one control really well to proving value through audit automation, Varun lays out why the GRC space is hotter than ever. This conversation is a must-listen for anyone navigating compliance at scale.

🔑 5 Key Takeaways

  • Compliance ≠ Security: Passing audits is not enough — engineering-driven GRC is the future.
  • Start Small: Automate one control well to prove value before scaling automation.
  • Bridging Teams: Cultural friction between engineering, security, GRC, and audit is real — empathy and communication reduce the pain.
  • Audit Anxiety: Audit automation is about reducing anxiety and toil as much as passing audits.
  • GRC Engineering is a Discipline: Whether it lives inside GRC or security, automation is now essential.

📚 What You’ll Learn

  • How Varun transitioned from software engineering into GRC leadership
  • Why compliance automation looks different for SMBs, mid-market, and enterprises
  • The technical and cultural blockers between engineering and GRC
  • Practical strategies for proving automation value internally
  • How generative AI and coding agents will shape audit and compliance automation

This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence.

📺 Watch more episodes and learn from top leaders in the GRC space!

Connect With Our Guest:
Varun Gurnaney | Staff Security Engineer | Apple
Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:


20 episodes
