Description

How does a network engineer become a GRC leader? Ramya Subramanian’s journey spans nearly two decades across IT, security, and governance. Now serving as Director of GRC & Privacy Operations at Freshworks, she joins Raj to unpack the evolving role of GRC: from quantifying risk and managing compliance debt to building automation that doesn’t slow engineering down.

Ramya also shares how storytelling, PR-style evangelism, and simplifying policies can shift the perception of GRC from policing to business enabler. This episode is a playbook for anyone trying to modernize risk and compliance in fast-moving environments.

5 Key Takeaways

• Engineer’s edge in GRC: Why Ramya’s technical background makes her approach to governance unique.
• Quantifying risk with dollars: Why risk measurement needs financial context, not just “likelihood x impact.”
• Automation as a path forward: How Freshworks is reducing compliance toil for engineers.
• Simplify policies and awareness: Cutting policy docs by 90% and building bite-sized security training.
• GRC as PR: Storytelling and evangelism can reframe GRC as a business enabler, not a blocker.

What You’ll Learn

• How GRC and security complement each other
• Challenges of risk quantification and continuous measurement
• Why engineers perceive GRC as compliance tax
• How automation and GRC engineering can reduce manual effort
• The cultural perception of GRC and how to change it

⏱️ (Approximate) Timestamps

[00:01:43] From network engineer to GRC leader
 [00:03:37] How Ramya defines Governance, Risk, and Compliance
 [00:05:28] Quantifying risk: from controls to financial impact
 [00:07:41] Why continuous risk measurement is so hard
 [00:11:49] How others perceive GRC inside organizations
 [00:13:43] Changing the “policing” perception of GRC
 [00:17:50] Rewriting policies & security awareness at Freshworks
 [00:19:38] Bringing auditors along the journey
 [00:21:33] Reducing compliance tax with automation
 [00:26:10] Why GRC needs engineering skills
 [00:29:58] Technical vs non-technical sides of GRC
 [00:31:47] Skills Ramya looks for when hiring
 [00:33:53] Generative AI’s impact on GRC
 [00:37:49] Dream GRC solution: context-aware automation
 [00:39:32] Building a business case for automation
 [00:44:00] Who should tell the GRC automation story?
 [00:45:54] Challenges with auditors in the AI era
 [00:46:49] From city editor to GRC leader — storytelling roots
 [00:52:26] Rajinikanth’s influence at Freshworks

This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: compliancecow.com

Connect With Our Guest:

Ramya Subramanian | Director of GRC & Privacy Operations | Freshworks
Connect on LinkedIn

Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:

Spotify and Apple Podcasts