EPISODE · Jul 1, 2025 · 1H 8M
Beyond the API: GRC Engineering in the Real World w/ Ange Ferrari, CISO/SVP @ METRO AG
from GRC Engineer · host Ayoub Fandi
Want more? Subscribe to the GRC Engineer newsletter for exclusive content including a detailed transcript of this episode in next week's edition: https://grcengineer.com/subscribeIn this insightful episode of the GRC Engineering Podcast, host Ayoub Fandi sits down with Ange Ferrari, SVP & CISO at Metro Group, for a deep dive into how GRC has evolved over two decades and what it takes to scale security programs globally.Our expert guest:Ange is a security leader with 20+ years experience across public sector, retail giants (Carrefour, IKEA), AWS EMEA, and now leading security for a global wholesaler operating in 36 countries.We explore the evolution and engineering of GRC at enterprise scale, covering:How GRC became the key to career growth from technical roles to CISOWhy cloud transformation shattered traditional risk frameworksThe reality of implementing controls across diverse, global technology stacksHot Take: The critical balance between prevention and detection that most missAWS insider perspective: What enterprise-scale compliance really looks likeEngineering pragmatic GRC programs that work in messy, real-world environmentsWhether you're a CISO scaling global programs, a GRC professional in traditional industries, or anyone trying to make compliance work in complex enterprise environments, Ange shares battle-tested strategies from the front lines.📋 Timestamps:00:00 - Introduction and Ange's Background02:57 - How GRC Enabled Career Growth06:34 - Evolution of GRC Practices Over Time14:52 - Common GRC Implementation Failures25:56 - Defining GRC Engineering33:01 - Where Should GRC Teams Report?39:20 - GRC Challenges in Complex Enterprise Environments49:05 - Lessons from the AWS Vendor Side59:46 - Building Technical Skills in GRC Teams01:03:39 - Hot Take: Prevention vs Detection Balance
What this episode covers
Want more? Subscribe to the GRC Engineer newsletter for exclusive content including a detailed transcript of this episode in next week's edition: https://grcengineer.com/subscribeIn this insightful episode of the GRC Engineering Podcast, host Ayoub Fandi sits down with Ange Ferrari, SVP & CISO at Metro Group, for a deep dive into how GRC has evolved over two decades and what it takes to scale security programs globally.Our expert guest:Ange is a security leader with 20+ years experience across public sector, retail giants (Carrefour, IKEA), AWS EMEA, and now leading security for a global wholesaler operating in 36 countries.We explore the evolution and engineering of GRC at enterprise scale, covering:How GRC became the key to career growth from technical roles to CISOWhy cloud transformation shattered traditional risk frameworksThe reality of implementing controls across diverse, global technology stacksHot Take: The critical balance between prevention and detection that most missAWS insider perspective: What enterprise-scale compliance really looks likeEngineering pragmatic GRC programs that work in messy, real-world environmentsWhether you're a CISO scaling global programs, a GRC professional in traditional industries, or anyone trying to make compliance work in complex enterprise environments, Ange shares battle-tested strategies from the front lines.📋 Timestamps:00:00 - Introduction and Ange's Background02:57 - How GRC Enabled Career Growth06:34 - Evolution of GRC Practices Over Time14:52 - Common GRC Implementation Failures25:56 - Defining GRC Engineering33:01 - Where Should GRC Teams Report?39:20 - GRC Challenges in Complex Enterprise Environments49:05 - Lessons from the AWS Vendor Side59:46 - Building Technical Skills in GRC Teams01:03:39 - Hot Take: Prevention vs Detection Balance
NOW PLAYING
Beyond the API: GRC Engineering in the Real World w/ Ange Ferrari, CISO/SVP @ METRO AG
No transcript for this episode yet
Similar Episodes
Aug 28, 2024 ·56m
Aug 22, 2024 ·78m
May 22, 2024 ·33m
May 1, 2024 ·61m