In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Ryan Schoeller, Director of Security & GRC at Treasure Data, to challenge one of the most deeply rooted assumptions in the industry: that GRC should stay passive and “independent.” Drawing from his experience across startups, mid-market tech companies, and large enterprises, Ryan argues that the most effective GRC teams are the ones that actively participate in control monitoring, risk management, and operational decision-making. This conversation goes beyond audits and checklists, exploring how GRC can truly drive business value by protecting revenue, enabling growth, and embedding risk thinking into everyday operations.

Key Takeaways:

• GRC delivers the most value when it actively participates in monitoring controls, not just validating them after the fact.
• Risk is the most critical — and most neglected — pillar of GRC, often confused with gaps or vulnerabilities.
• Strong relationships with engineering and business teams are essential for GRC to gain meaningful access to data.
• GRC engineering is not just about writing code; it’s about applying an engineering mindset to workflows, tooling, and processes.
• Automation alone is not a business case — value comes from how freed-up time is reinvested.

What You’ll Learn:

• Why the “three lines of defense” model often breaks down in real organizations
• How GRC teams can reduce compliance theater by becoming more operational
• The difference between a vulnerability, a gap, and an actual risk
• How to build a business case for GRC automation that leadership will support
• Why front-ending GRC work (sales assurance, customer trust) often matters more than backend audit prep

This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com

Watch more episodes: https://www.compliancecow.com/podcast

Connect With Our Guest:
Ryan Schoeller | Director of Security & GRC | Treasure Data
Connect on LinkedIn: https://www.linkedin.com/in/ryanschoeller/

Rate, review, and share if you enjoyed the show!

Subscribe to Security & GRC Decoded wherever you get your podcasts:

Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683

Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450