
Ep 14 — GRC Is Solving the Wrong Problem in an AI World | Ayoub Fandi (GRC Engineering Lead: GitLab)

GRC hasn’t kept up with the speed of modern security. Nate Lee sits down with Ayoub Fandi, GRC Engineering Lead at GitLab, to explore why most teams are still solving the wrong problems and what needs to change.


GRC is at a turning point.

In this episode of the TPRM Podcast, Threats, Pitfalls & Risk Myths, Nate Lee sits down with Ayoub Fandi, GRC Engineering Lead at GitLab and creator of the GRC Engineer podcast and newsletter.

As AI reshapes how security teams operate, many GRC programs are still built around audits, frameworks, and compliance-driven workflows. Ayoub explains why this model is quickly losing relevance and why simply automating existing processes is not enough.

The conversation explores what it actually means to rethink GRC in an AI-native world. Nate and Ayoub break down the shift from compliance-driven programs to risk-driven decision making, and why most teams are still optimizing for audit outcomes instead of real impact.

They also discuss how AI is changing the nature of work inside GRC, why compliance is becoming table stakes, and how risk management remains the most complex and human part of security.

Beyond frameworks and tooling, the episode dives into systems thinking, stakeholder alignment, and how GRC teams can become more embedded within security and the broader business.

Ayoub shares practical ways to get started, from quick wins that demonstrate value to rethinking workflows from first principles in an agentic, AI-driven environment.

This episode is essential listening for CISOs, security leaders, and GRC practitioners looking to stay relevant as AI reshapes the security landscape.


Listen and Subscribe

Spotify - https://open.spotify.com/show/7JvPsyMJPgVLOKuJhkKfxA?si=1c7d77143ad7424a

Apple Podcasts - https://podcasts.apple.com/us/podcast/the-tprm-podcast/id1848217699

YouTube - https://youtube.com/@TPRMPodcast


Episode Sponsor

This episode features a message from TrustMind, a security questionnaire automation platform designed to help teams respond more quickly and consistently to vendor security reviews.

TrustMind uses AI to automatically complete security questionnaires using your existing documentation, policies, and prior responses so security teams can spend less time copying and pasting and more time securing their platforms.

Learn more at https://trustmind.com


About the Guest

Ayoub Fandi is the GRC Engineering Lead at GitLab and creator of the GRC Engineer podcast and newsletter. He focuses on rethinking how governance, risk, and compliance evolve in an AI-driven world.

His work centers on applying systems thinking, automation, and engineering principles to modernize GRC programs and better align them with modern security practices.


About the Host

Nate Lee is a B2B Scaleup CISO and Founder of Cloudsec.ai and TrustMind. He works with SaaS companies to build business-aligned security programs that increase developer velocity, strengthen customer trust, and support rapid growth.


About the Show

The TPRM Podcast features real-world conversations with security leaders who are reshaping how we think about cybersecurity and risk.

Each episode explores the threats, pitfalls, and risk myths behind modern security programs and what it actually takes to protect organizations operating at scale.