Scaling GRC Without the Chaos: How to Build Programs That Don’t Break ft Tom Scuderi, Senior Manager of Security & GRC @ LTK

Security & GRC Decoded

Security & GRC Decoded
Scaling GRC Without the Chaos: How to Build Programs That Don’t Break ft Tom Scuderi, Senior Manager of Security & GRC @ LTK
Dec 16, 2025 Season 1 Episode 25
Raj Krishnamurthy

In this episode of Security & GRC Decoded, host Raj Krishnamurthy sits down with Tom Scuderi, Senior Manager of Security & GRC at LTK and a veteran practitioner who has spent his career building governance functions at QTS, Tableau, Salesforce, and LTK. Tom shares how to scale GRC in high-growth environments by designing processes that resemble engineering workflows, reducing friction with stakeholders, and shifting from reactive audits to continuous visibility. He breaks down why curated visibility beats blanket access, why SOC 2 should sharpen—not dilute—your security program, and how to anchor leadership decisions with meaningful risk data.

Key Takeaways

  • GRC only scales when its processes mirror how engineering teams already work.
  • SOC 2 should enhance your security program rather than becoming a superficial checkbox exercise.
  • Curated visibility reduces friction and improves cross-functional trust.
  • Clarity in ownership is the backbone of a scalable GRC function.
  • Continuous, context-driven evidence cuts audit fatigue and sharpens the entire program.

What You’ll Learn

  • How Tom built and matured GRC programs across four different companies.
  • Why engineering alignment is essential for sustainable compliance.
  • How curated visibility replaces access sprawl and accelerates audits.
  • The difference between risk-driven and compliance-driven GRC.
  • Why automation only works when underlying processes are mature.
  • How to structure ownership to reduce bottlenecks during SOC 2 and similar frameworks.

This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com

Watch more episodes: https://www.compliancecow.com/podcast

Connect With Our Guest:
Tom Scuderi | Senior Manager of Security & GRC | LTK
Connect on LinkedIn: https://www.linkedin.com/in/tom-scuderi/

Rate, review, and share if you enjoyed the show!

Subscribe to Security & GRC Decoded wherever you get your podcasts:

Spotify

https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683


Apple Podcasts:

https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450


#SecurityAndGRCDecoded #RajKrishnamurthy #TomScuderi #LTK #GRC #ScalingGRC #SOC2 #EngineeringAlignment #RiskManagement #SecurityLeadership #Compliance #GovernanceRiskCompliance #SecurityGRCPodcast #ComplianceCow