The GRC Engineering Blueprint for the Public Sector w/ Dr. Ibrahim Waziri Jr. from Google

In this episode of the GRC Engineer podcast, Ayoub Fandi interviews Dr. Ibrahim Waziri Jr., Global Insider Risk Lead for the Cloud CISO at Google, to discuss GRC engineering, particularly within the U.S. federal and national security sectors. Dr. Waziri shares his extensive background, including his work with OSCAL, ATO implementations, and various roles in government and the private sector. The conversation covers the definition of GRC engineering, its application across different governance models, the role of tools like OSCAL, and the challenges and benefits of prescriptive frameworks. They explore how to prove the value of GRC in mission-driven environments, the complexities of heterogeneous infrastructures, and the balance between rigor and bureaucracy. Dr. Waziri also shares his vision for the future of GRC engineering, emphasizing regulatory acceleration, the importance of "as code" approaches, and the need for global harmonization.

Outlines

Part 1: Introduction to GRC Engineering

Part 2: Defining and Implementing GRC Engineering

Part 3: Value and Challenges

Part 4: Future Trends

Sign in to continue reading, translating and more.

Continue

GRC Engineer

Part 1: Introduction to GRC Engineering

Introduction to GRC Engineering in Mission-Driven Sectors

Dr. Waziri's Journey into Government Cybersecurity and GRC

Part 2: Defining and Implementing GRC Engineering

Defining GRC Engineering: From Static to Dynamic Compliance

The Role of GRC Engineering in Data Quality and Regulatory Compliance

The Prescriptive Nature of Federal Frameworks and OSCAL's Impact

Balancing Speed and Security in the Federal Space

Part 3: Value and Challenges

Defining and Proving Value in Mission-Driven Environments

Addressing Heterogeneous Infrastructure and Legacy Systems

Balancing Rigor and Bureaucracy in the Public Sector

Part 4: Future Trends

The Future of GRC Engineering: Regulatory Acceleration and Global Harmonization

The GRC Engineering Blueprint for the Public Sector w/ Dr. Ibrahim Waziri Jr. from Google

GRC Engineer

Part 1: Introduction to GRC Engineering

00:00Introduction to GRC Engineering in Mission-Driven Sectors

Introduction to GRC Engineering in Mission-Driven Sectors

04:15Dr. Waziri's Journey into Government Cybersecurity and GRC

Dr. Waziri's Journey into Government Cybersecurity and GRC

Part 2: Defining and Implementing GRC Engineering

10:31Defining GRC Engineering: From Static to Dynamic Compliance

Defining GRC Engineering: From Static to Dynamic Compliance

15:50The Role of GRC Engineering in Data Quality and Regulatory Compliance

The Role of GRC Engineering in Data Quality and Regulatory Compliance

23:21The Prescriptive Nature of Federal Frameworks and OSCAL's Impact

The Prescriptive Nature of Federal Frameworks and OSCAL's Impact

27:23Balancing Speed and Security in the Federal Space

Balancing Speed and Security in the Federal Space

Part 3: Value and Challenges

35:08Defining and Proving Value in Mission-Driven Environments

Defining and Proving Value in Mission-Driven Environments

43:54Addressing Heterogeneous Infrastructure and Legacy Systems

Addressing Heterogeneous Infrastructure and Legacy Systems

52:59Balancing Rigor and Bureaucracy in the Public Sector

Balancing Rigor and Bureaucracy in the Public Sector

Part 4: Future Trends

58:52The Future of GRC Engineering: Regulatory Acceleration and Global Harmonization

The Future of GRC Engineering: Regulatory Acceleration and Global Harmonization