Sign up to save your podcasts
Or
Share “This GRC Space is Hot!” with Varun Gurnaney, Staff Security Engineer at Apple
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
“This GRC Space is Hot!” with Varun Gurnaney, Staff Security Engineer at Apple
How does a software engineer become a GRC leader? In this episode of Security & GRC Decoded, host Raj Krishnamurthy welcomes Varun Gurnaney, Staff Security Engineer at Apple. Varun shares his journey from writing janky Python scripts for compliance evidence collection to shaping the discipline of GRC engineering at some of the world’s biggest companies.
He discusses the cultural and technical gaps between security, engineering, GRC, and audit — and how automation can bridge them. From building one control really well to proving value through audit automation, Varun lays out why the GRC space is hotter than ever. This conversation is a must-listen for anyone navigating compliance at scale.
🔑 5 Key Takeaways
- Compliance ≠ Security: Passing audits is not enough — engineering-driven GRC is the future.
- Start Small: Automate one control well to prove value before scaling automation.
- Bridging Teams: Cultural friction between engineering, security, GRC, and audit is real — empathy and communication reduce the pain.
- Audit Anxiety: Audit automation is about reducing anxiety and toil as much as passing audits.
- GRC Engineering is a Discipline: Whether it lives inside GRC or security, automation is now essential.
📚 What You’ll Learn
- How Varun transitioned from software engineering into GRC leadership
- Why compliance automation looks different for SMBs, mid-market, and enterprises
- The technical and cultural blockers between engineering and GRC
- Practical strategies for proving automation value internally
- How generative AI and coding agents will shape audit and compliance automation
This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence.
📺 Watch more episodes and learn from top leaders in the GRC space!
Connect With Our Guest:
Varun Gurnaney | Staff Security Engineer | Apple
Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:
- Spotify
- Apple Podcasts
View all episodes
By Raj KrishnamurthyHow does a software engineer become a GRC leader? In this episode of Security & GRC Decoded, host Raj Krishnamurthy welcomes Varun Gurnaney, Staff Security Engineer at Apple. Varun shares his journey from writing janky Python scripts for compliance evidence collection to shaping the discipline of GRC engineering at some of the world’s biggest companies.
He discusses the cultural and technical gaps between security, engineering, GRC, and audit — and how automation can bridge them. From building one control really well to proving value through audit automation, Varun lays out why the GRC space is hotter than ever. This conversation is a must-listen for anyone navigating compliance at scale.
🔑 5 Key Takeaways
- Compliance ≠ Security: Passing audits is not enough — engineering-driven GRC is the future.
- Start Small: Automate one control well to prove value before scaling automation.
- Bridging Teams: Cultural friction between engineering, security, GRC, and audit is real — empathy and communication reduce the pain.
- Audit Anxiety: Audit automation is about reducing anxiety and toil as much as passing audits.
- GRC Engineering is a Discipline: Whether it lives inside GRC or security, automation is now essential.
📚 What You’ll Learn
- How Varun transitioned from software engineering into GRC leadership
- Why compliance automation looks different for SMBs, mid-market, and enterprises
- The technical and cultural blockers between engineering and GRC
- Practical strategies for proving automation value internally
- How generative AI and coding agents will shape audit and compliance automation
This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence.
📺 Watch more episodes and learn from top leaders in the GRC space!
Connect With Our Guest:
Varun Gurnaney | Staff Security Engineer | Apple
Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:
- Spotify
- Apple Podcasts