GRC Leaders Sessions - 2024.6.8 - George Totev, Snowflake

At Trustero, we often find ourselves working with some of the most innovative and creative Leaders in the Information Security space -- the kind of people looking at new technology to get an edge. We had the opportunity to kick off our GRC Leaders Series with a conversation with George Totev, the Director of Customer Trust at Snowflake, and it's a great one. George is someone we've had a relationship with for a long time and one of our absolute favorite people to talk to and learn from. He's had an impressive career protecting some of the biggest companies in the world like Visa, Goldman Sachs, Atlassian, and now Snowflake.

In our conversation, he shared insights into the evolving landscape of Governance, Risk, and Compliance (GRC).

Key Takeaways from George's Discussion:

1. Evolution of GRC: George traced his journey from security architecture to leading GRC functions, highlighting his growing interest in risk management, which he sees as a bridge between business and technology. His current role at Snowflake focuses on customer trust, which involves managing the entire lifecycle of trust—from understanding business objectives to ensuring compliance with various certifications.
2. Trends in GRC: George noted a significant shift from globalization to deglobalization, with increasing regional regulations like GDPR and DORA shaping how companies manage data. This trend requires businesses to be more vigilant about their supply chains and the geopolitical factors that could impact them.
3. Challenges and Strategies: As companies face growing regulatory requirements, George emphasized the importance of strategic planning and efficiency. He pointed out that smaller companies must also prepare for these regulations, which often trickle down from larger multinational corporations.
4. The Role of AI in GRC: AI is seen as both an opportunity and a challenge in the GRC space. While it offers efficiencies in tasks like security questionnaires and audit readiness, it also raises concerns about data integrity and regulatory compliance. George encouraged GRC professionals to embrace AI as a tool to enhance their teams' effectiveness, freeing them to focus on more strategic work.
5. Career Advice for GRC Professionals: To stay relevant in the AI-driven landscape, George advised GRC practitioners to shift their focus from merely providing insurance for their companies to adding value through close collaboration with sales, product, and engineering teams. He also recommended staying engaged with industry groups, regulators, and vendors to remain informed about emerging trends and challenges.

Some Exciting News from Trustero: Trustero announced the launch of its new AI-powered security questionnaire tool, and it's free to start. This tool is designed to streamline the process of answering security questionnaires, a common and time-consuming task for GRC teams. Head to www.trustero.com/QC to start using Questionnaire Copilot today.