When Governance, Risk, and Compliance (GRC) issues are in the headlines, it’s usually a bad thing. It’s only when a major data breach happens, or a company runs afoul of some regulation, that these important responsibilities get their time in the limelight. GRC & Me is here to shine a light on those individuals tasked with safeguarding their employers’ information and integrity, day in and day out. Tune in monthly as host Meghan Maneval, Sr Director of Product Marketing at LogicGate and her guests explore the issues and ideas that give shape to these interconnected functions. Just as GRC touches many parts of a business, so too will the podcast delve into a wide array of topics, trends and concerns—from current events and modern methodologies to cultural nuances and game-changing developments. Join us and learn why GRC is so critical to the future of any organization, where the industry has been—and where it’s going.
Wondering where to start with Enterprise Risk Management (ERM)? In this episode, Security Service FCU risk management expert, Erich Herzberger, deep-dives into ERM for credit unions and smaller organizations. He covers how to kickstart your program, shift from reactive to proactive risk management, and tackle today's regulatory challenges. Plus, hear what keeps him up at night in the evolving world of risk. Tune in for all things ERM!
To celebrate a decade of LogicGate, co-founders Matt Kunkel, Jon Siegler, and Dan Campbell take listeners back to where it all began. They reflect on LogicGate’s origins and evolution, sharing early challenges, key milestones—including the story behind the GOAT mascot—and pivotal moments that shaped the first ten years. The founders also discuss the company's growth, the changing GRC landscape, company culture, and their vision for the future. Tune in for firsthand insights from the founders in this special commemorative episode.
Join Vinted’s Group Risk & Compliance Officer, Elisabeth Quillatre, and Risk Process Manager, Goda Marija Vaitkeviciute, as they debunk common GRC myths in retail. From data privacy to supply chain risks, they explore the human side of risk and share practical insights on building a strong compliance culture, not just implementing controls.
Tune in as we’re joined by industry leaders from BCU, BillGo, and Centier Bank who share their unique perspective and insight on the future of the financial industry.
Hosted by Meghan Maneval, panelists Stephenie Southard, Steve Gasiamis, and Donald Rome dive into the key trends and challenges shaping the financial landscape in 2025. From navigating regulatory changes and ensuring security resilience, to exploring the rise of digital banking technologies like blockchain, AI, and open banking, guests will discuss how financial institutions must prepare for risks related to third-party management and more. Don’t miss out on a thought-provoking and engaging conversation on the ever-evolving financial risk landscape.
In this episode, Google Continuous Assurance Engineering Director, Vikram Khare, and Senior Software Engineering Manager, Eric Zhang, discuss implementing continuous assurance, with tips for getting started and real-world examples through the lines of defense. They cover the challenges of keeping up with evolving controls and risks, as well as the reality of automating controls only to need updates again. Tune in to hear best practices for maintaining integrations and automations, how auditors and GRC professionals can embrace AI, and ways to quantify ROI to
In this episode, host Meghan Maneval is joined by Google’s Product Management Lead for Cybersecurity Compliance Products, Ruchi Khurana, to explore the current state of AI and automation in the GRC industry. They dive into key considerations for the role of AI and ML in the GRC domain, including critical success criteria and how to prioritize AI-related risks across departments. They also discuss the key challenges in the GRC industry. Tune in for insights on leveraging AI and ML to drive efficiency and improve GRC processes.
In the season 8 finale, guest host Jade Trombetta is joined by Salim Alameddin, Senior Vice President at Crossroads Strategies, LLC to discuss key cybersecurity and AI regulation trends and new administration objectives that will shape 2025. They explore a variety of topics from the evolving landscape of cybersecurity, including the growing threat of geopolitical cyberattacks, to AI and compliance under the new administration. They also chat about the challenges some of the cabinet may have jumping from the tech world into government work, and other 2025 economic trends our GRC community is interested in. Tune in for a conversation on the critical issues faced today.
In this episode, host Meghan Maneval is joined by LogicGate’s Chief Customer Officer, Jen Renna, to discuss the evolution of customer success at LogicGate. They dive into what success looks like from both a customer and internal perspective, and why people are at the heart of it all. The discussion also covers key considerations when selecting a GRC platform, what customers can expect from LogicGate moving forward, proving that GRC is not a cost center with value realization, and how the company drives value internally to foster success.
Join us in this episode as host Meghan Maneval and Michael Rasmussen - GRC Analyst & Pundit at GRC 20/20 Research, LLC - discuss vendor risk management and the differences between third, fourth, and fifth-party risks. They cover essential regulations and standards in the financial and banking sectors, highlighting how they vary by organization maturity, as well as best practices for effectively building and managing a comprehensive vendor risk management program and staying current with risk management standards. Michael touches on the role of automation and AI in enhancing vendor risk programs, as well as their limitations, and he shares his 2025 regulatory predictions and their potential impact on vendor risk strategies in financial services.
In this episode, we’re excited to explore the ever-changing landscape of banking compliance. We’ll cover best practices for staying audit-ready amidst constantly evolving regulations. The discussion will address compliance requirements, from NCUA mandates to state-specific privacy laws, PCI 4.0, and more. We’ll also talk about AI in banking along with third-party and vendor risks. This insightful conversation will highlight both the challenges and best practices in navigating compliance complexities across the industry.
Optimizing Risk: GRC is no longer a cost center - it’s a business enabler
Guests: LogicGate CEO, Matt Kunkel and CISO, Nick Kathmann
Historically GRC was viewed as one line in a budget sheet, but that is rapidly changing. GRC practitioners are elevating their programs with tools and technologies that aggregate data and story-tell situational risk, security, compliance changes and more so businesses can make risk-based decisions to move the needle forward. Matt Kunkel and Nick Kathmann will share why good security pays for itself, the role GRC plays in the boardroom and how to connect GRC programs to business impact.
Switching from traditional risk analysis methods like ordinal lists or red-yellow-and-green charts to more modern approaches like risk quantification requires a paradigm shift in how you think about measuring risk, but the increased accuracy, specificity, and reliability you’ll gain by doing so pays dividends.
On this episode of GRC & Me, Netflix’s Tony Martin-Vegue joins LogicGate’s Chris Clarke to explore the best ways to navigate this transition, how to learn and leverage popular risk quantification frameworks like Open FAIR, and why you shouldn’t completely throw your colored charts out the window just yet.
They say it takes a thief to catch a thief, so why not a hacker to catch a hacker?
That was the premise behind Ted Harrington’s Independent Security Evaluators, a company dedicated to poking holes into other companies’ cyber defenses — for the right reasons, of course. On this episode of GRC & Me, Ted takes LogicGate’s Chris Clarke on a journey down the benevolent hacker’s rabbit hole, where they discuss:
Few careers involve managing as much risk as one where you’re responsible for launching humans riding gigantic rockets into outer space. That’s exactly what Barrios Technology Chief Strategy Officer Ginger Kerrick did during her three-decade career working for NASA.
On this episode of GRC & Me, Ginger joins LogicGate’s Chris Clarke to discuss methods for developing methodical, standardized thought processes for risk decision-making in high-stakes scenarios, how NASA employees are trained to separate logic from emotion, how disasters can inform future mitigation planning, and why the most important part of managing risk is having the right leaders in place.
One of the most high-profile risk events of the last year was the swift collapse of Silicon Valley Bank and other regional banks amid spiking interest rates. Part of the problem? The lack of a complete, comprehensive view of the risks these banks were facing — in particular, liquidity risk.
Allstate Canada's Chief Risk Officer Jason Wang has spent his career assessing and analyzing risk in the financial services space, dedicated to anticipating and mitigating risks just like the one that sank SVB. On this episode of GRC & Me, Jason joins LogicGate’s Chris Clarke to discuss the importance of building a holistic risk register, how to position risk management as a strategic enabler instead of a “revenue prevention” department, why it’s critical to include your chief risk officer on the executive team, and more.
When doing business with the federal government and its myriad agencies, organizations are bound to run into plenty of mandates, regulations, and other requirements. Navigating them all can cause a headache for even the most detail-oriented compliance managers. On this episode of GRC & Me, Chris Clarke is joined by Intel Federal’s Compliance Program Manager, John Griffin. Griffin draws on his decades of experience in federal contracting and working with government agencies at companies like Honeywell and Boeing to explore methods for better managing product development and performing diligence on third-party vendor relationships while operating under strict and stringent government standards and requirements. Plus, learn a few of Griffin’s more creative methods for determining how risky a particular organization might be to work with.
Oftentimes, cyber risk teams are viewed as reactive “audit police,” swooping into projects to flag risks and forcing changes at key points. This approach can generate a resentful — even toxic — risk culture. There’s a better way to build healthier risk cultures: Taking a more collaborative, embedded approach to cyber risk management by positioning cyber risk leaders as advisors and partners, working side-by-side with project teams from the start.
On this episode of GRC & Me, Chris Clarke is joined by Cyberpink’s Founder & Owner, Praj Prayag-Deb, to discuss how to shift your organization’s risk culture toward this new approach, her formula for building successful cyber risk programs from scratch, how leveraging the right technology makes it all possible, and why adopting a growth mindset is critical for every cyber risk leader.
Cybersecurity programs involve lots of moving parts, and they only grow more complex over time as technology becomes more advanced and cyber threats become more numerous and sophisticated. Cyber risk quantification can be a crucial tool for keeping up with shifting cybersecurity landscapes. On this episode of GRC & Me, Chris Clarke is joined by Protiviti’s Daniel Stone, Director, and Tim Kelly, Associate Director, to discuss how cyber risk quantification can lead to better risk decision-making, how to beat analysis paralysis when you’ve got reams of risk data in front of you, and the best ways to use risk quantification to reduce reactivity and improve communication across your organization.
With information and cybersecurity incidents growing in frequency and severity, regulators in the European Union are hard at work devising new rules designed to incentivize organizations to harden their cyber defenses.
On this episode of GRC & Me, Megan Brown sits down with Wizz Air’s Andras Szabolcs, Cyber Risk Expert, and Peter Szigetvari, Operational Risk Expert, to break down the similarities and differences between two of these new European Union regulations — the Digital Operational Resilience Act, or DORA, and Network and Information Security Directive 2, or NIS2 — how they could affect nearly every company despite their official scope, and how organizations can prepare to comply with them using modern GRC technology.
In just a few months, artificial intelligence went from a fringe technology to full-speed ahead with the public release of ChatGPT. This fascinating technology has the potential to revolutionize how we automate our businesses, but there are numerous reasons to give pause before integrating it into your organization’s operations. On this episode of GRC & Me, Dorian Cougias, Co-Founder and CEO of United Compliance Framework and Chris Clarke sit down to discuss the risks and rewards of embracing AI-driven automation, corpora management, data ownership, and the necessity of double-checking everything generative AI spits out.