Ahead of 2026’s Women in GRC awards, CoreStream GRC’s, Lucy Montague, moderated the discussion with four female leaders who have helped shape the direction of risk, governance and compliance across major organizations:
Topic: Equity in action: women transforming the culture of GRC
Moderator:
- Lucy Montague, Head of Marketing, CoreStream GRC
Panelists:
- Claire Robson, Governance Director and Data Protection Officer, Chartered Insurance Institute and 2025 Governance Champion of the Year winner.
- Rebecca McLean, Commercial Risk Director, AXA Insurance and 2025 Risk Role Model of the Year winner.
- Sharon Sharples, Director, Group Operational Risk & Risk Oversight Chief of Staff, Barclays and 2025 Inclusion Champion winner.
- Hana Zaman, Senior Engagement Manager, McKinsey & Co.
Together, they explored what it really takes for women not just to work in GRC, but to lead it, influence technology decisions and redefine what leadership looks like in this space.
Want to learn more about our sponsorship of the 2026 Women in GRC awards?
The gender gap in senior GRC roles
The leadership gap in GRC is not a capability issue. It is a design issue.
Women move through a system that shapes confidence, visibility and opportunity long before senior roles are even in sight.
“We’re not always good at pushing ourselves forward. Confidence is a real barrier.”
Claire Robson, Governance Director and Data Protection Officer, Chartered Insurance Institute
“The root cause often starts in education. These industries are maths-heavy and those subjects have traditionally been male.”
Sharon Sharples, Director, Group Operational Risk & Risk Oversight Chief of Staff, Barclays
By the time women reach GRC, the pipeline has already narrowed. Leadership teams often default to familiarity when making hiring and promotion decisions.
“We tend to hire people who look and think like us. That bias still shapes who gets promoted.”
Sharon Sharples, Director, Group Operational Risk & Risk Oversight Chief of Staff, Barclays
By the time women reach GRC, the pipeline has already narrowed. Leadership teams often default to familiarity when making hiring and promotion decisions.
“We tend to hire people who look and think like us. That bias still shapes who gets promoted.”
Rebecca McLean, Commercial Risk Director, AXA Insurance
Finding influence in GRC
Interestingly, each panelist entered the world of GRC through a different path/reason. These diverse channels emphasize the broad nature of governance, risk and compliance, and the many business outputs it covers. The common theme was that people find their way into GRC because they can solve problems, influence decisions and connect work across the business.
Those strengths are what make GRC such a powerful place to build a career. However, they are also part of why women are often pushed out of the pipeline before they ever reach it. Structural barriers and external pressures make it harder for women to access roles where influence, decision making and visibility sit at the center. Yet for the women who do make it into the field, that same influence is what keeps them motivated.
“I’ve stayed because of the breadth of the role. There isn’t a material or commercial decision I don’t get a seat at the table for.”
Claire Robson, Governance Director and Data Protection Officer, Chartered Insurance Institute
“One thing that keeps me working is knowing I’m helping protect customers and the company.”
Sharon Sharples, Director, Group Operational Risk & Risk Oversight Chief of Staff, Barclays
This mix of purpose, visibility and real business impact is exactly why GRC needs strong, diverse leadership. If your function shapes decisions across the whole organization, you cannot afford a narrow perspective.
The lived challenges women still face in GRC
When the conversation moved to day-to-day experience, the stories were familiar. Women enter rooms where they are one of the few, or the only, woman at the table. Progress can feel visible in policy, but fragile in practice.
“There was a lack of role models. It was very male-dominated and when you eventually would find women who did get into leadership they often soon moved on.”
Sharon Sharples, Director, Group Operational Risk & Risk Oversight Chief of Staff, Barclays
Caring responsibilities still fall unevenly, and that reality does not always show up in how women’s roles or expectations are designed.
“Caring responsibilities are still a big barrier. Hybrid working can help but also brings challenges.”
Sharon Sharples, Director, Group Operational Risk & Risk Oversight Chief of Staff, Barclays
That scarcity also feeds into the kind of feedback women receive. When an industry is unfamiliar with the idea of a female leader, standards shift depending on who is giving them. This leaves women to balance conflicting expectations that have little to do with performance.
“I once had feedback, one saying I was too soft and one saying I was too harsh at the same time. Women walk a line man rarely have to navigate.”
Hana Zaman, Senior Engagement Manager, McKinsey & Co.
And in environments shaped by competition for limited space at the top, scrutiny does not only come from men.
“Don’t pull the ladder up behind us. Women face scrutiny from both men and women.”
Rebecca McLean, Commercial Risk Director, AXA Insurance
These leaders’ stories underline a simple point. The problem is not women failing to hit some neutral standard. It is that the standard was never designed with their realities in mind.
On allyship, sponsorship and culture change for women in GRC
Across the panel, one message landed clearly. Allyship is not a slogan. It is a behavior. Careers move when someone opens a door, brings you into the room or backs your judgment when you are not there to defend it.
“When people brought me into decision-making spaces, it changed my career. Now I’m in a place where I can do that for others.”
Hana Zaman, Senior Engagement Manager, McKinsey & Co.
That is sponsorship. It cannot sit on women alone, and it cannot be limited to women sponsoring women.
“We shouldn’t need men to spot female talent, but we do. You need male and female cheerleaders.”
Rebecca McLean, Commercial Risk Director, AXA Insurance
This is not about reducing opportunities for men. It is about expanding the talent pool and who gets seen, to ensure our GRC leaders are pulled from this biggest talent pool possible.
“Encouraging women into senior leadership does not mean there isn’t a place for men. We need both.”
Claire Robson, Governance Director and Data Protection Officer, Chartered Insurance Institute
Culture shows up in these concrete behaviors. Who gets invited into key meetings. Whose ideas are credited. Whether bias is challenged in the moment or quietly ignored. Equity is a shared responsibility. It works when sponsorship is deliberate, and leadership is treated as something to share, not to guard.
Learn more about what CoreStream GRC is doing to ally with women in GRC
On the future of GRC and preventing boundaries and burnout
If organizations build tomorrow’s tools on yesterday’s inequalities, GRC teams will inherit a new wave of silent, systemic bias. That makes diverse leadership non-negotiable. You cannot build fair, ethical systems if everyone who designs them looks and thinks the same.
It also makes sustainability a core equity issue. Equity is not only about opening doors. It is about making sure people can stay in the room without burning out. A sustainable GRC function is a stronger one.
Closing thoughts on women in GRC
Equity in GRC shows up in everyday decisions:
- Who gets the stretch role or the visible project
- Who is invited into important conversations
- Who gets sponsored instead of just mentored
- Who is trusted to lead, even when they do not fit the traditional mold
This panel made the direction clear. Honest conversations. Intentional allyship. A willingness to challenge outdated expectations about what a GRC leader looks like. The industry is moving, but the work is not finished. Sessions like this make sure the momentum is real, not just rhetorical.
If you see yourself in these stories, or you know someone quietly reshaping the future of GRC, keep them in mind once nominations open.
Want to get notified once Women in GRC Award nominations open?
FAQ
The session explored what it really takes for women to lead in governance, risk and compliance today. The panel talked honestly about confidence barriers, visibility, early pipeline issues, and the cultural expectations that shape career progress. The theme was clear: equity in GRC is built through daily decisions, not slogans.
The conversation was moderated by Lucy Montague, Head of Marketing at CoreStream GRC. Panelists included:
Claire Robson, Governance Director and Data Protection Officer, Chartered Insurance Institute, 2025 Governance Champion of the Year.
Rebecca McLean, Commercial Risk Director, AXA Insurance, 2025 Risk Role Model of the Year.
Sharon Sharples, Director, Group Operational Risk and Risk Oversight Chief of Staff, Barclays, 2025 Inclusion Champion.
Hana Zaman, Senior Engagement Manager, McKinsey and Company.
The panel was clear that the gap is not about capability. It is about how the system is designed. Confidence barriers, limited early support in subjects like maths, and a lack of visible role models all narrow the pipeline early. Hiring and promotion often lean toward familiarity, which means women with the skills still get overlooked.
Each panelist came into GRC through a different route. That variety shows how broad governance, risk and compliance really is. Most people enter because they can solve problems, influence decisions and work across the business. These strengths make GRC a powerful career field, but they are also the traits that are harder for women to demonstrate when access to influential roles is limited.
