Content provided by Raj Krishnamurthy. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Raj Krishnamurthy or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
Scaling GRC Without the Chaos: How to Build Programs That Don’t Break ft Tom Scuderi, Senior Manager of Security & GRC @ LTK

56:25
In this episode of Security & GRC Decoded, host Raj Krishnamurthy sits down with Tom Scuderi, Senior Manager of Security & GRC at LTK and a veteran practitioner who has spent his career building governance functions at QTS, Tableau, Salesforce, and LTK. Tom shares how to scale GRC in high-growth environments by designing processes that resemble engineering workflows, reducing friction with stakeholders, and shifting from reactive audits to continuous visibility. He breaks down why curated visibility beats blanket access, why SOC 2 should sharpen—not dilute—your security program, and how to anchor leadership decisions with meaningful risk data.

Key Takeaways

  • GRC only scales when its processes mirror how engineering teams already work.
  • SOC 2 should enhance your security program rather than becoming a superficial checkbox exercise.
  • Curated visibility reduces friction and improves cross-functional trust.
  • Clarity in ownership is the backbone of a scalable GRC function.
  • Continuous, context-driven evidence cuts audit fatigue and sharpens the entire program.

What You’ll Learn

  • How Tom built and matured GRC programs across four different companies.
  • Why engineering alignment is essential for sustainable compliance.
  • How curated visibility replaces access sprawl and accelerates audits.
  • The difference between risk-driven and compliance-driven GRC.
  • Why automation only works when underlying processes are mature.
  • How to structure ownership to reduce bottlenecks during SOC 2 and similar frameworks.

This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com

Watch more episodes: https://www.compliancecow.com/podcast

Connect With Our Guest:
Tom Scuderi | Senior Manager of Security & GRC | LTK
Connect on LinkedIn: https://www.linkedin.com/in/tom-scuderi/

Rate, review, and share if you enjoyed the show!

Subscribe to Security & GRC Decoded wherever you get your podcasts:
Spotify:

https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683

Apple Podcasts:

https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450

#SecurityAndGRCDecoded #RajKrishnamurthy #TomScuderi #LTK #GRC #ScalingGRC #SOC2 #EngineeringAlignment #RiskManagement #SecurityLeadership #Compliance #GovernanceRiskCompliance #SecurityGRCPodcast #ComplianceCow
