As businesses face mounting regulatory pressure, escalating cyber threats, and an aging workforce, one thing is clear: the GRC talent pipeline is in trouble. In this episode, Shruti Mukherjee joins to explore a quiet but growing crisis—seasoned GRC professionals are retiring faster than new talent is stepping in, and most organizations aren’t prepared.
Drawing from her own journey from software engineer to GRC generalist, Shruti shares her perspective on why GRC roles are misunderstood, how technical skills can give professionals an edge, and what it will take to reshape this career path before it’s too late.
Breaking In: From Code to Compliance
Shruti shares her unconventional path into GRC, starting in software engineering and ultimately finding her calling in compliance and risk management.
“Today, if you ask me who I am, I am a GRC professional. I’m a generalist. I’m also a specialist in some areas—and I love my job.” – Shruti
Her technical roots give her an edge in navigating cross-functional work and understanding engineering processes, a growing advantage in a field where technology and automation are changing expectations.
GRC’s Image Problem: Is It Just Boring?
The group dives into a debate around why GRC isn't attracting new talent. Spoiler: it’s got a PR problem.
“GRC almost requires you to be a little bit more personable… and I don't know if you've talked to someone under the age of 20 lately.” – Kendra
Pay disparities, misconceptions about the work, and the perception that GRC is “less sexy” than engineering roles all play a part in deterring newcomers.
Reframing the Pipeline: Who Should We Be Recruiting?
Instead of only targeting new grads, maybe the key is tapping mid-career professionals who’ve seen the value of GRC firsthand.
“Maybe it’s time to come to the good side.” – Kendra
Shruti agrees: people with technical backgrounds often thrive in GRC after experiencing its impact, especially when they’re ready for something more strategic.
The Role of AI and Automation: Friend or Foe?
A recurring theme in the episode is the rise of AI and whether it threatens the GRC profession.
“I treat AI like an intern. It can do some of the work, but I’ll always check it before it leaves the building.” – Shruti
The team pushes back on the idea that platforms and automation can (or should) replace GRC professionals, especially when quality and context are on the line.
What Should New GRC Pros Learn?
According to Shruti, curiosity, people skills, and continuous learning matter more than having a formal degree in compliance.
“The secret recipe is curiosity. If you're eager to learn, the rest you can pick up.” – Shruti
That said, she acknowledges areas where formal training might help; like internal audits or navigating the dynamics of external auditor relationships.
Critical Thinking, Not Just Checkboxes
The episode ends with a powerful warning: if GRC becomes overly reliant on automation, we risk losing our ability to think critically.
“We're losing our ability to be critical thinkers. We're training a new generation to trust automation—without teaching them what questions to ask.” – Kendra
Everyone agrees: tools should support the work, not replace the judgment, context, and nuance that human professionals bring.
Share this post