How Pragmatic Controls Build Trust Between GRC, Security, and Engineering ft Mukund Sarma, Deputy CISO @ Chime

About this listen

In this episode of Security & GRC Decoded, host Raj Krishnamurthy sits down with Mukund Sarma, Deputy CISO and Head of Product Security at Chime, to explore what happens when governance, risk, and compliance teams work with engineering instead of against it. Mukund shares real-world lessons from a decade in security, explaining how to balance shift-left initiatives, build paved paths that reduce friction, and make compliance a natural byproduct of great engineering. This is a masterclass in aligning security, GRC, and DevOps for scale and sanity.


5 Key Takeaways

  • GRC isn’t a blocker—it’s a mirror that keeps security honest and accountable.
  • Strong security engineering automatically strengthens compliance outcomes.
  • Friction between security and engineering fades when empathy drives collaboration.
  • “Shift left” works best when paved paths and automation support developers.
  • Practical controls and continuous validation create sustainable, scalable governance.

What You’ll Learn

  • How to bridge silos between security, GRC, and engineering teams.
  • Why automation and continuous control monitoring are the future of compliance.
  • What “practical controls” really mean in modern DevSecOps environments.
  • How empathy and communication transform security culture.
  • Why compliance should follow great security engineering, not lead it.
  • Real-world examples from Chime’s approach to product security.

This podcast is brought to you by ComplianceCow — the smarter way to manage compliance. Automate evidence collection, eliminate screenshots, and scale your program with confidence. Learn more: https://www.compliancecow.com

Watch more episodes: https://www.compliancecow.com/podcast

Connect With Our Guest:
Mukund Sarma | Deputy CISO and Head of Product Security | Chime
Connect on LinkedIn: https://www.linkedin.com/in/sarmamukund/

Rate, review, and share if you enjoyed the show!

Subscribe to Security & GRC Decoded wherever you get your podcasts:
Spotify: https://open.spotify.com/show/5pigcMwOrYIA6d9OOOsxqr
Apple Podcasts: https://podcasts.apple.com/us/podcast/security-grc-decoded/id1795144450?i=1000736617569