Women leading the way: takeaways on the future of GRC

"Leadership roles tend to be taken, not given."

That was the line our CEO, Rikke Stampe Skov, left in the room at the close of "Women Leading the Way: Shaping the Future of GRC" – a panel at #RISK Digital Global, the virtual event from GRC World Forums, on Wednesday, June 17. Moderated by Lucy Montague of Corestream GRC, the session brought together three award-winning women in governance, risk and compliance (GRC) to talk about inclusion, mentoring and where the profession is heading.

Alongside Rikke on the panel were Sharon Sharples, Op Risk and Risk Oversight Chief of Staff at Barclays, and Rebecca McLean, Risk Director at AXA Commercial. Here are the points that stuck with us.

You can watch the full session on demand here.

Inclusion that actually happens

Much of the conversation focused on practical initiatives rather than high-level strategy – the specific programs each organization runs day to day.

At Barclays, Sharon described a set of low-cost, colleague-led initiatives: virtual speed-networking that connects junior and senior people across a global team, a 360-degree mentoring program with more than 500 people in the risk team alone, and a leadership program called Elevate. The shift she is most proud of is in the framing – moving from "getting women in the room" toward inclusion that speaks to everyone, whatever their background.

At AXA, Rebecca runs a senior-leadership exercise called "Five people you trust," where leaders list the five people they rely on most and look for patterns. The usual realization? Most of us trust people who look like us – a simple way into a real conversation about cognitive diversity. As she put it, "If you don't measure it, you won't change it," which is why AXA also tracks how underrepresented groups move up through the organization.

Rikke's angle was different, and it reflected the reality of a smaller company without Barclays' or AXA's formal programs: as CEO, her job is to notice bias in the moment and name it. She traced that instinct back to her own early career. After she sold a cybersecurity consultancy to PwC, a male colleague at the same level was made partner while she stayed senior manager – so she asked the senior partner why. His answer: "Well, he asked."

The lesson stuck. "I just learned that there's a game here, and I didn't know the rules," she said. Since then, she has spent real energy helping others learn those unwritten rules, and stepping in on the signals everyone else tends to let slide – like reminding one team member that she doesn't always have to be the one who serves the coffee.

Mentoring works both ways

Mentoring was where the panel was most candid. One statistic cited during the session: 28% of women with mentors reach senior leadership, compared with 19% without.

Rikke made the case for reciprocity. Some of her best mentoring, she said, has come from being a mentor, because younger mentees give her fresh perspective on how to lead. She also pointed to a pattern most of us recognize: entry-level intake at the Big Four is roughly 50/50, but the balance breaks somewhere on the way to partner. "It's about us helping to fix where it breaks," she said.

Rebecca described keeping a small network of mentors for different challenges, and warned about the "quietly competent" trap – being consistent, dependable and overlooked. If you wait for the work to speak for itself, she said, it won't always.

Where GRC is heading

The GRC thread ran through everything, and the panel was aligned on it: the profession is moving away from a tick-box, "business prevention" reputation and toward teams that bring insight and foresight to the business.

Sharon is living that at Barclays, where she is leading a simplification of risk and control frameworks – stripping out duplication, sharpening accountability and freeing teams up for the conversations that actually matter. Rebecca made the same point from the AXA side: her team now sits inside key decision forums rather than handing over a dashboard after the fact.

Both also noted how the risk landscape has changed. The scenarios that used to sit in the "remote, 10 years away" corner of the heat map are happening now – the energy shock after the invasion of Ukraine, tariffs, geopolitical instability, cost-of-living pressure on customers and colleagues alike. Rebecca's team brought all of it to their board as one connected picture rather than a stack of separate reports.

On AI, the view was measured. More data means more automation and faster analytics, Sharon said, but the human judgment teams bring to the table won't be replaced by robots any time soon. Rebecca framed it as the opening for women to lead: the hardest risks today have no answer written in a policy yet, so curiosity, comfort with not knowing and the emotional intelligence to read a room matter more than ever – and that is exactly what AI cannot deliver.

Advice for the next generation

The closing round produced the most practical advice for women earlier in their GRC careers: start using AI now, raise your hand when you are unsure (because someone else is too, and the person who asks gets the credit), and lean on your transferable skills.

Rebecca's closing point centered on authenticity. Women are often coached to moderate themselves – to be less emotional, less ambitious, less visible – and her advice was to resist it: stay authentic, champion yourself and don't smooth out your rough edges to make other people comfortable. Allyship, she added, starts with you.

Or, in Rikke's words, passed on from a mentor of her own: leadership roles tend to be taken, not given.