GRC Has Layers!

Security teams get asked the same question in a hundred different ways: “What’s the ROI?” We go straight at it with Monica Reagor, Manager of Information Security Compliance at Crestron Electronics and host of the My GRC POV podcast, to show how governance, risk, and compliance becomes a growth lever when it’s done with clarity, data, and the right relationships.We trace Monica’s path from technical IT roles into compliance, then zoom in on the real work of modern information security compliance: translating legislation into executive decisions, turning requirements into engineering action, and mapping frameworks like NIST and ISO 27001 so you can scale evidence, audits, and certifications without burning out your team. We also talk about why “I don’t make money” is the wrong framing and how security can protect revenue, reduce loss, and even help win contracts when customer security questionnaires become the price of entry.Then we get into the pressure cooker: AI governance, privacy, supply chain risk management, and the reality that regulations evolve across US states, federal agencies, the EU, and APAC markets at the same time. Monica shares why operating to the most restrictive standard can be the simplest global strategy, and why GRC must show up early so teams can move fast with documented risk decisions instead of last-minute blockers.If you’re building a GRC program, defending a security budget, or trying to connect compliance to real business outcomes, you’ll leave with language you can use and a clearer mental model for the layers. Subscribe, share this with a teammate who needs it, and leave a review with your biggest challenge proving security value.Send us Fan MailSupport the showhttps://www.vigilantviolet.com/www.linkedin.com/in/jessvachon1