#236 - Build a World Class GRC Program (with Matt Hillary)

Jun 09, 2025 | 47 min | Ep. 236

Episode description

In this episode of CISO Tradecraft, host G Mark Hardy sits down with Matt Hillary, the Chief Information Security Officer of Drata, to discuss governance, risk, and compliance (GRC) and trust management. They explore key topics such as the evolution of GRC, trust management, compliance automation, and the advent of AI in compliance processes. Matt shares insights on building a world-class GRC program, the challenges and opportunities in modern-day compliance, and the mental health aspects of being a cybersecurity leader. This episode is a must-watch for any cybersecurity professional looking to enhance their GRC strategies and compliance operations.

Big Thanks to our Sponsor Drata. You can learn more about them at https://drata.com/

Connect with Matt Hillary at https://www.linkedin.com/in/matthewhillary/

Transcripts - https://docs.google.com/document/d/1VzRQSEvgUwenDERlNn2bwlIpnz4QPQ15/ 

Chapters

  • 01:39 Meet Matt Hillary: CISO of Drata
  • 06:06 The Evolution of GRC and Trust Management
  • 14:48 Continuous Compliance and Automation
  • 19:26 Compliance as Code: The Future of GRC
  • 22:18 The Importance of Getting It Right the First Time
  • 23:15 Customer Compliance Challenges
  • 24:21 Vendor Risk Management and Trust Building
  • 26:26 Leveraging AI for Compliance and Risk Management
  • 31:43 Evaluating Credibility of Third-Party Evidence
  • 41:09 Common Mistakes in GRC Programs
  • 43:56 Final Thoughts and Industry Call to Action