
Compliance and risk management are no longer just about ticking boxes—they are a strategic necessity, a fuel for growth. To get the most out of them, you need experts to break down the complexities and nuances.
This is where GRC leaders and influencers come in, helping you make the most of your journey rather than treating it as just a cost center. Leaders share nuggets of knowledge and expertise that can help you sharpen execution and dig deeper into evolving technologies.
After thorough research and careful content analysis, we have identified the top nine GRC voices we recommend you follow today. They are sure to enrich your feed.
GRC influencers of 2025
Read on to learn how these eight GRC leaders impact and educate their followers about the governance, risk, and compliance trajectory. Keep reading!
1. Aron Lange

Aron Lange, a former security officer at Deloitte, now dedicates his expertise and experience to launching GRC Lab, the one-stop hub for all things GRC: courses, community, personalized support, on-demand training, and more free resources.
Lange is the brain behind one of the most subscribed GRC newsletters, LearnGRC. He started it with one goal: to demystify the complex world of cybersecurity and privacy. The newsletter offers expert advice to help anyone considering a career in GRC grow and accelerate by gaining valuable skills with real-world applications.
Follow him on LinkedIn.
2. Ayoub Fandi

Ayoub Fandi is a senior security assurance and GRC engineer at GitLab. As a consultant, he has helped companies in their GRC journeys prepare for security certifications and helped CISOs report to the board.
He helps his 17,000+ followers understand how leading businesses use GRC as a strategic product rather than a cost center.
Fandi also hosts a podcast specializing in storytelling to reach out to individuals from a wide range of non-GRC verticals. He simplifies complex topics like GRC engineering and invites individuals from the field to share their journeys and stories.
You can sign up for his newsletter here.
3. Michael Rasmussen

Michael Rasmussen is a GRC analyst and founder of the GRC Report, an online news and research publishing company. Hailed as the “Father of GRC,” he is a notable keynote speaker, author, and advisor.
An internationally reputed and recognized thought leader in GRC, Rasmussen boasts over 30 years of experience; he helps businesses add efficiency to their processes, design GRC architecture, implement effective technologies, and ensure agility.
In addition to serving on the OCEG Leadership Council and chairing the OCEG Technology Council, Michael has made significant contributions to U.S. congressional reports and committees.
You can follow his blog for expert insights into GRC, enterprise risk management, building cybersecurity resilience, and other hot topics.
4. Sean Connelly

Sean Connelly has 25+ years of experience in IT and cybersecurity and is currently the executive director of global zero trust strategy and policy at Zscaler. He has also served as a senior cybersecurity architect in the Department of Homeland Security (DHS).
Connelly co-authored the Zero Trust Maturity Model (ZTMM) to help agencies develop and implement zero-trust strategies. He has also contributed to various government mandates, like Cyber EO (14028) Cloud Security Technical Reference Architecture (CSTRA), to help agencies migrate to the cloud securely. Finally, he contributed to NIST SP 800-207, Zero Trust Architecture.
Connelly is recognized as a top voice in cybersecurity on LinkedIn. Join his 20,000+ followers here.
5. Christophe Foulon

Christophe Foulon is a seasoned cybersecurity executive advisor, GRC leader, risk consultant, and IT security specialist, all rolled into one. He uses his 20 years of experience to help small and medium businesses drive growth through effective risk management and compliance.
Foulon offers a wide range of GRC services, including comprehensive risk assessment, vulnerability management, custom security strategy implementation, and continuous threat monitoring.
Follow his blog to explore how a fractional CISO approaches cybersecurity and risk. Join his 50,000+ followers on LinkedIn to get curated security and risk management guidance.
6. Henrik Parkkinen

Henrik Parkkinen was listed among the top 25 cybersecurity leaders in 2024 under the 40 under 40 category. He is a globally recognized cybersecurity leader with 20+ years of experience and a deep understanding of security technologies and the threat landscape.
Henrik coaches organizations in adding resilience to their security posture. You can access his free guidance on his award-winning blog.
His position on security leadership is: “Security is a supporting function in an organization. It is not about you or the security team in isolation. It is about the organization. As a security leader, you are there to ensure that security will support your organization’s success.”
Henrik shares insightful information on improving security posture with his 25,000 followers on LinkedIn.
7. Malini Rao

Malini Rao is a cybersecurity and GRC thought leader, mentor, bestselling author, and AI governance advisor. She has over two decades of experience in various areas of security and GRC, such as application security, cyber forensics, cloud security, and AI governance. As a global woman in cybersecurity and board member of ISSA, she has previously led a team of 400+ GRC members.
Currently, Rao works at Deeplearncyber.ai (an AI-based security and consulting company), which helps mentor clients and professionals in enhancing their cybersecurity programs by leveraging AI and ML techniques.
Rao’s specialties include identity and access management, security by design, IT risk management, security digital transformation, blockchain, AWS, and ISO 27001. She has 40+ certifications in various fields related to cybersecurity, including Managing Risks in the Digital Age from Harvard University.
You can learn more about cyber and GRC or purchase certification courses from her website, learn.malinitalkscyber.com/, and join her 12,000 followers on LinkedIn.
8. Christopher Warner

Christopher Warner is a full-spectrum security leader and risk advisor across 16 Critical Infrastructure Protection. He has over 25 years of experience in operational technology and Cyber-Physical Systems and is a GRC thought leader.
With a focus on enhancing organizations’ security resilience, Christopher’s skills include risk management, Military Special Access Programs (SAPs), and Nuclear Power Plant Cyber-Physical Systems Security Assessment.
As a firm believer in the role of security in growth, Warner maintains that “Building and growing a robust OT/ICS security program using GRC principles is essential for safeguarding critical infrastructure and industrial processes. Organizations can create a secure, resilient, compliant OT environment that supports broader business objectives by aligning governance, risk management, and compliance efforts.”
Warner is a senior security consultant at GuidePoint Security. Follow him on LinkedIn to learn about GRC principles and security resilience.
9. Scott Mitchell

Scott Mitchell is the brain behind GRC. He founded OCEG (Open Compliance and Ethics Group), the globally recognized non-profit group that created GRC and Principled Performance.
Mitchell offers a wide range of corporate governance, security risks, and compliance expertise. He contributes to several think tanks for non-profit and profit ventures. You can follow him on LinkedIn for expert knowledge about GRC and principled performance.
10. Jane Frankland

Jane Frankland is a cybersecurity influencer, advisor, leader, and author. She built her own hacking business from the ground up at the age of just 29. With over two decades of experience in cybersecurity, she has been actively involved in OWASP, CREST, and Cyber Essentials.
Frankland is the author of the Amazon bestseller “IN Security: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe”. Here, she combines stories, interviews, and practical advice on preparing against cybercrime and terrorism.
You can book a discovery call to start a business conversation on her personal website. Join her 44k followers on LinkedIn.
11. Alex Sharpe

Alex Sharpe is an industry-recognized cyber governance, AI, risk management, and zero trust practitioner, author, and advisor. Sharpe uses his 2.5 decades of experience to drive value for organizations by managing cyber risk.
He owns practices in two firms and cofounded two startups, including a successful IPO. Additionally, his track record includes developing strategic plans for 10+ countries across the globe, participating in over 20 M&A transactions, and leading a team of $1 billion government programs.
Recently, he was recognized as one of the Top Thought Leaders for 2025 by Thinkers360. You can join his 10k followers on LinkedIn.
12. Dan Lohrmann

Dan Lohrmann is an internationally recognized cybersecurity leader, keynote speaker, bestselling author, technologist, CISO, and mentor. He co-authored an Amazon bestseller on information management, “Cyber Mayday and the Day After: A Leader’s Guide to Preparing, Managing and Recovering from Inevitable Business Disruptions”.
A globally recognized conference speaker, Lohrmann led the Michigan government’s cybersecurity and technology infrastructure team for 12 years. He also worked as an advisor for White House leaders, the National Governors Association (NGA), the National Association of State CIOs (NASCIO), the U.S. Department of Homeland Security (DHS), and local government agencies.
As a thought leader in cybersecurity, Dan is a key contributor to Government Technology Magazine, CSO Magazine, Computerworld, Huffington Post, Governing, Bloomberg, Forbes, PBS, Yahoo Finance, NY Mag, TechCrunch, Australian Cyber Security Magazine, Cyber Talk Africa and more.
Dan has 40k+ followers on LinkedIn. Follow him here.
Anwita
Anwita is a cybersecurity enthusiast and veteran blogger all rolled into one. Her love for everything cybersecurity started her journey into the world of compliance. With multiple certifications in cybersecurity under her belt, she aims to simplify complex security-related topics for all audiences. She loves to read nonfiction, listen to progressive rock, and watch sitcoms on the weekends.
