GRC Is an Engineering Discipline. Not a Checklist. ft Akhila Chitiprolu, Head of Security & GRC @ Sierra
Tue Jan 27 2026
GRC has long been seen as abstract, manual, and disconnected from how modern engineering teams actually work, but that narrative is breaking down. In this episode of Security & GRC Decoded, Raj Krishnamurthy sits down with Akhila Chitiprolu, Head of Security & GRC at Sierra, to explore why GRC must be treated as an engineering discipline, not a compliance afterthought. Drawing from her experience across T-Mobile, Expedia, Stripe, and AI-native companies, Akhila explains how systems thinking, automation, and shared ownership can radically reduce compliance toil while increasing trust. This conversation goes deep into GRC engineering, audit realities, automation tradeoffs, and what the future of compliance looks like in an AI-driven world.
Key Takeaways:
- GRC works best when treated as a system with inputs, processes, outputs, and feedback loops
- Automation should focus on intent and outcomes, not blindly speeding up broken manual processes
- GRC professionals act as a middleware layer between engineers, auditors, and customers
- Not all controls should be automated — but 70% can be, with humans in the loop where it matters
- The future of GRC depends on engineering mindset, context, and trust, not checklists
What You’ll Learn:
- Why GRC is fundamentally a systems engineering problem
- How to reduce engineering toil without weakening audit posture
- When automation helps — and when it creates false efficiency
- How GRC teams should approach AI, agents, and non-deterministic systems
- Practical ways to build a GRC engineering function over time
This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com
Watch more episodes: https://www.compliancecow.com/podcast
Connect With Our Guest:
Akhila Chitiprolu | Head of Security & GRC | Sierra
Connect on LinkedIn: https://www.linkedin.com/in/akhilachitiprolu/
Rate, review, and share if you enjoyed the show!
Subscribe to Security & GRC Decoded wherever you get your podcasts:
Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr?si=416b82ab5c474683
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450