In this episode of GRC Uncensored, Richa, founder and CEO of Complyance, joins the hosts to unpack the growing tension between scalable compliance tooling and the real needs of maturing GRC teams. The conversation examines why “SOC 2 in a box” solutions fall short for mid-market organizations and what it truly means to integrate AI without compromising privacy. Along the way, the group debates the future of entry-level roles, the role of trust in automation, and whether AI is truly replacing, or simply reshaping, the GRC profession.
[00:01:00] — Intro & guest introduction: Who is Richa and what is Complyance?
[00:03:00] — Why Complyance is not “SOC 2 in a box” and how their ethos differs
[00:06:00] — Segmenting the GRC tooling market: Startups vs mid-market vs enterprise
[00:08:00] — Mid-market struggles: From Excel to Airtable to tailored automation
[00:12:00] — The audit bundling debate: Why Complyance refuses to package audits
[00:15:00] — Saying no to venture capital pressure and building for the right customer
[00:18:00] — What GRC software should enable: peace of mind, not paperwork
[00:19:00] — Roundtable: Troy and Kendra weigh in on AI in GRC
[00:27:00] — Conversational AI, embedded AI, and the rise of Agentic AI
[00:31:00] — Risk owners, vendor reviews, and trust in automation
[00:34:00] — Is AI replacing entry-level jobs or just reshaping them?
[00:38:00] — Teaching with AI: From education to GRC upskilling
[00:42:00] — The risk treatment plan case study: AI as a draft, not a decision
[00:47:00] — Closing thoughts on AI, SaaS disruption, and Jetsons-level predictions
Hosts: Troy Fine, Kendra Cooley
Producer: Elliot Volkman
Runtime: ~49 minutes