GRC Superheroes

Mike DeKock, CPA, CEO

November 6, 2023
The Compass:

As we expand our team here at MJD Advisors, one of the bigger challenges we’ve faced is defining the “ideal MJD candidate” to recruiters. They’re often looking for hard stats (years of experience, certifications, degrees) when we are more concerned about hiring interesting people. 

You see, we aim to do compliance and auditing a little differently, and those differences are still being written. It turns out convincing people to “reimagine compliance” on the fly is tricky! We’ve assembled a fantastic team so far, but it hasn’t been recruiting as much as what I would define as “dumb luck.” As someone who is uninterested in relying on dumb luck and believes setting expectations is essential, I wanted to provide some thoughts on what I think are the most important skills for working at MJD and in governance, risk, and compliance (GRC) in general.

We talk about superpowers at MJD and believe everyone possesses a special skill that we need to understand and harness to help them be the best version of themselves. It’s not about actually demanding superhuman abilities (as much as it feels necessary to work in GRC); we want our team members to be the superheroes of their own stories.

Because I think about this often, I decided to draft my own personal super team that embodies the skills I believe are most important for success in a modern GRC environment. 

Charles Xavier

Professor Charles Xavier

GRC Skill: Guide

Professor X was the founder and leader of the X-men and as powerful as any superhero, but was rarely at the forefront of battle or aggressively forcing his will. His role was to provide direction and wisdom to the organization and support the team by facilitating decision-making. He was at his best when helping others be at theirs.


  • Evaluates nuanced problems, effectively communicates options, and presents the pros and cons without bias
  • Provides clear direction for the team to understand boundaries and continue to innovate
  • Monitors known risks and shepherds the team to identify and navigate the unknown
  • Maintains a calm presence and illuminates the best path for others


GRC Skill: Translator

Mystique is a shape-shifter that can take on the appearance and voice of anyone. She has the ability to seamlessly blend into any environment, bridging the gaps between different internal and external groups. 


  • Adapts vocabulary and communication style for each unique audience and thrives in diverse settings to help stakeholders understand key risks and objectives
  • Simplifies complex concepts and presents information that is approachable for various audiences
  • Bridges the gap between different departments and groups and seeks to find common ground and mutual understanding

Nick Fury

GRC Skill: Connector

Nick Fury was responsible for forming the Avengers and continued to add resources and additional team members. His ability to see the bigger picture, connect individuals with diverse skills and personalities, and help the team overcome personal barriers to form a cohesive unit positioned them for success.


  • Builds and fosters relationships across different domains and effectively leverages the subject matter expertise of others 
  • Observes the full landscape of the organization and environment and shares connections and dependencies that are not obvious within individual business units
  • Creates opportunities for collaboration and problem-solving to support organizational unity


GRC Skill: Helper

Spider-Man did not take his role for fame. He brought much-needed optimism and eagerness to create positive change and did so without requiring (or even desiring) any recognition. What mattered most was just helping people, whether that was stopping a runaway train or rescuing a cat from a tree. 


  • Brings solutions and approaches problems with optimism regarding available resources and individual contributions
  • Celebrates the achievements of the organization and seeks to provide value and demonstrate support for other functional areas of the business
  • Presents GRC needs as a business enabler with customers and organizational effectiveness to bind the program to the company’s culture

Iron Man

GRC Skill: Creator

Here’s the skill I believe we need more of the GRC space - innovators and builders who inspire others to solve incredible challenges.

Tony Stark (Iron Man) was bursting with innovative ideas and solutions and constantly solved problems by challenging the status quo without being limited by things like “physics.” He saw beauty and potential in raw materials and built solutions from scratch based on the resources that were available to him. 


  • Simplifies and automates processes to reduce organizational friction and increase buy-in on procedural necessities 
  • Identifies opportunities to innovate within guidelines and organizational constraints 
  • Takes a hands-on approach to systems and processes that foster continual improvement and challenges the status quo

More posts

Blog Post
7 min read
What controls are required for SOC 2® reports?

There is nuance to this question, and other well-meaning and very smart people that I respect might give a different answer. But within the volumes of literature that set the standards, the true answer is this: There are absolutely no control requirements for SOC 2 reports.

How Penetration Testing Increases Your ROI of ISO 27001 Compliance

Software Secured shares exactly how penetration testing increases the ROI of your ISO 27001 compliance.

Understanding the Nuances: Privacy and Confidentiality

Within the SOC 2 framework, two crucial categories—privacy and confidentiality—play distinct roles in safeguarding sensitive data. Our latest article outlines each category and the differences between the two.