Today’s episode is hosted by James Dyson, and they are joined on the podcast by Tasim Carku, Security Specialist at Qt Group; Suvi Kaartinen, Lead Security Advisor at Cyberismo; and Akseli Erikkilä, Information Security Management Lead at Mehiläinen.
The conversation explores making GRC practical and how organisations translate governance, risk and compliance requirements into workable everyday processes. The exchange highlights the challenge of balancing regulatory demands with operational efficiency while maintaining clear ownership and accountability. Discussion broadens to consider risk management frameworks, security operations and the role of tooling in supporting effective compliance. Attention is given to aligning policies with real-world workflows, improving visibility across the organisation and embedding security thinking into business decisions.
Later, the conversation returns to making GRC practical in the context of maturity and scale, examining how organisations can simplify complexity, support stakeholders and build sustainable security practices. The discussion offers perspective for leaders aiming to strengthen governance while enabling agility and resilience.






