In advance of the Women in GRC Awards on 2 July 2026, we are running a podcast series, “Spotlight on Women in GRC”. In this episode, CoreStream GRC Head of Marketing Lucy Montague sits down with Rita Parmar, a Senior Risk Officer with vast experience across the finance sector, as well as Sarbanes-Oxley compliance, governance, regulatory reporting, and non-financial risk.
The discussion explores:
- How the financial services risk agenda is changing.
- Accelerating AI adoption.
- Third-party risk extending beyond direct suppliers.
- Geopolitical events that are creating new questions for risk teams.
- Why financial services organizations still need strong human judgment, clear reporting, and open conversations across the business.
Rita also shares her perspective on women in GRC, career breaks, confidence, and why younger professionals should ask questions, build relationships, and avoid undervaluing the skills they already bring to the table.
What does the next era of financial services risk leadership demand?
Financial services risk teams are operating in a more complex environment. The challenge is no longer limited to traditional financial risk. The Bank of England’s Financial Stability Report, December 2025, found that risks to financial stability increased during 2025, identifying geopolitical tensions, the fragmentation of trade and financial markets, and pressures on sovereign debt markets as key sources of risk. These issues do not sit neatly in isolation. They can create knock-on effects across markets, portfolios, operations, technology environments, and regulatory obligations.
For senior risk leaders, this means building a broader view of the risk landscape. Cyber risk, data risk, AI, third-party dependencies, geopolitical disruption, and operational resilience increasingly need to be understood together. As Rita Parmar explains:
“My current focus is generically across non-financial risk. So, it’s going to be third-party risk, data, information and cybersecurity. And then it encroaches on various other areas, like geopolitical risk and AI.”
Rita Parmar, Senior Risk Officer at UK Bank
The next generation of financial services risk leaders will need to combine technical knowledge with a strong understanding of the business. The value of risk management is not measured by the number of issues a team identifies. It is measured by whether the organization can make better decisions, raise problems earlier, and respond with confidence when the environment changes.
Why financial services risk teams must move beyond policing
For Rita, this requires a solution-led approach. Risk should not be treated as a negative or punitive function. In financial services, employees and business leaders need to feel able to raise issues early, without worrying that the risk team will simply arrive with a list of problems. A culture where people are reluctant to speak openly can make risks harder to identify and slower to address.
“We’re not entirely here to just police you. We’re here to help you.”
Rita Parmar, a Senior Risk Officer at UK Bank
That does not mean weakening accountability or second-line challenge. It means reframing risk management as a function that helps the business move forward safely. As Rita puts it:
“Let’s find a solution and not just have all the problems. Let’s brainstorm and create a solution-based approach.”
Rita Parmar, a Senior Risk Officer at UK Bank
This reflects a wider shift toward value-based risk management. Michael Rasmussen, GRC analyst, makes the point clearly:
“Risk management should not be the handbrake on the business. It should be the navigation system that helps the business move forward, steer through uncertainty, and achieve its objectives.”
Michael Rasmussen, Pundit and Founder GRC 20/20 Research
For financial services organizations, that distinction matters. Strong risk teams do not simply document what has gone wrong. They create the visibility, challenge, and open conversations the business needs to make better decisions before issues escalate.
What does a solution-led approach to risk look like in practice?
For Rita, a solution-led approach starts with regular conversations. Her team uses monthly “risk dialogues” to engage stakeholders across the business, creating opportunities to raise questions and discuss emerging issues before they become larger reporting problems.
“We have this tool set that we use. We call it risk dialogues. So, we have a monthly discussion with them. And also, if there are any questions, we just go up and talk to them.”
Rita Parmar, a Senior Risk Officer at UK Bank
These conversations matter. Modern risk leaders cannot rely solely on dashboards, committees, or formal reporting cycles. Data can show that a risk indicator has changed, but it does not always explain why. Regular dialogue can surface the operational context behind the numbers, build stronger relationships with the business, and support a more risk-aware culture.
This is particularly important as financial services organizations strengthen their approach to operational resilience. In March 2026, the FCA found that operational resilience had become a central part of many firms’ risk frameworks and planning, leading firms to test the resilience and vulnerabilities of third-party providers and supply chains more rigorously.
A supportive risk function does not mean lowering standards. Risk teams still need to provide robust second-line challenge, test assumptions, and ask difficult questions. But the purpose of that challenge is to support better decisions, not create a compliance exercise.
As Rita explains:
“I would then overlay that from a second-line review perspective and go through and challenge what’s gone on, how have we improved or how have we worsened in certain situations, and what’s coming, what’s emerging, what’s trending next.”
Rita Parmar, a Senior Risk Officer at UK Bank
How is risk reporting changing across financial services?
Every organization’s reporting process will look different. For Rita’s team, risk reporting includes a quarterly cycle of meetings, risk packs, metrics, first-line reviews, and second-line challenge.
“We have quarterly meetings and there are various packs that are produced for that. And that consists of top risks and events and so forth.”
Rita Parmar, a Senior Risk Officer at UK Bank
The goal is not simply to create more reports. The best risk reporting translates complexity into action. It should help senior leaders understand what has changed, why it matters, where visibility is limited, and what decisions need to be made.
This is especially important in financial services, where operational incidents can affect customers, markets, and wider financial stability. The FCA’s March 2026 policy statement on operational incident and third-party reporting introduces clearer and more consistent reporting requirements, reflecting the potential impact of disruption across the sector.
For risk leaders, the challenge is to move confidently between detail and strategy. They need to understand the operational reality behind the data while still communicating the wider implications clearly to senior stakeholders.
“I am a person that really likes to get into the detail, but whilst I get into the detail, I can also completely come out of it and understand the higher components of it. So, I can explain to board level, and I can explain to a new individual that’s starting up in an organization.”
Rita Parmar, a Senior Risk Officer at UK Bank
How should financial services leaders approach AI risk?
AI is not a future concern for financial services. It is already embedded across the sector. Financial institutions are exploring how it can support internal processes, customer service, fraud detection, financial crime prevention, regulatory compliance, risk management, and cybersecurity.
The scale of adoption is significant. A Bank of England and FCA survey on AI in UK financial services found that 75% of responding firms were already using AI, with a further 10% planning to adopt it within 3 years. The same survey found that 55% of AI use cases involved some degree of automated decision-making, although only 2% were fully autonomous.
For risk leaders, the answer is not to avoid AI. It is to adopt it with the right oversight. Rita’s position is balanced: AI can help teams analyze data, surface patterns, and improve efficiency. But it should not be treated as a substitute for judgment, particularly where the organization is making complex or high-impact decisions.
“Don’t be scared of using it, because if you don’t take the risks, you’re not going to get the rewards either.”
Rita Parmar, a Senior Risk Officer at UK Bank
The challenge is knowing where to draw the line. Financial services leaders need to understand where AI is used, how outcomes are monitored, and when a human needs to intervene. Human oversight should be meaningful, not a box-ticking control added after deployment.
As Rita explains:
“Use it, but make sure you’re not making your key decisions out of it.”
Rita Parmar, a Senior Risk Officer at UK Bank
Data and analytics can provide valuable insight. But they do not always capture context, nuance, or the qualitative factors that shape good decision-making.
“As a human, you’re going to add the qualitative feature that will bring out the aspects that all the analytics can’t. That side of it is not going to go away and it’s not going to get replaced, because that’s just as important.”
Rita Parmar, a Senior Risk Officer at UK Bank
That point is particularly important in regulated environments. Organizations need more than AI tools that produce fast answers. They need outputs that can stand up to scrutiny. As Anders Søborg, Co-Founder of SANNOS, explains:
“The problem with generic AI in compliance is that it can sound convincing without being defensible. Our approach is different. We work from real documentation and control evidence, so the output is grounded, explainable, and ready for serious review.”
Anders Søborg, Co-Founder, SANNOS
For financial services organizations, that distinction matters. AI should help teams work faster without weakening confidence in the result. The strongest tools will be grounded in real evidence, linked back to verifiable sources, and supported by clear review processes.
Why is third-party risk becoming more difficult to manage in the age of AI?
Third-party risk is one of Rita’s main areas of focus. Financial services organizations rely on increasingly complex supplier ecosystems, from cloud platforms and data providers to outsourced services and specialist technology partners. The risk is no longer limited to the supplier with a direct contract.
“You’ve got fourth party, fifth party, etc. And it’s understanding all those different relationships that might impact your organization that you don’t have line of sight of naturally.”
Rita Parmar, a Senior Risk Officer at UK Bank
AI adds another layer of complexity. Financial services firms may depend on external models, cloud infrastructure, and third-party data sources. This can introduce concentration risk and reduce visibility over how technology is developed, governed, and maintained.
The Bank of England and FCA survey found that 33% of AI use cases were third-party implementations, up from 17% in 2022. Risk and compliance had one of the highest proportions of third-party AI implementations at 64%.
This is where AI governance, third-party risk, cybersecurity, and operational resilience increasingly intersect. Financial services organizations need to understand not only whether a vendor uses AI, but how that use could affect their own risk exposure, data security, and ability to continue delivering critical services.
The regulatory direction is clear. The Digital Operational Resilience Act establishes an EU-wide oversight framework for critical ICT third-party providers, with the aim of supporting the resilience of the financial sector against ICT disruption.
The issue also extends beyond the EU. As CoreStream GRC explored in a recent Trends and Insights piece, EU and UK authorities signed a Memorandum of Understanding on 14 January 2026 to coordinate oversight of critical ICT third-party providers operating across both jurisdictions.
The practical question for financial services leaders is straightforward: can your organization see where its critical dependencies sit, understand the risks further down the supplier chain, and produce evidence of what has been tested when a regulator, auditor, or board member asks?
Why does geopolitical risk require a connected view?
Geopolitical risk is rising rapidly on the agenda. The World Economic Forum’s Global Risks Report 2026 found that geoeconomic confrontation was the risk most likely to trigger a material global crisis in 2026, selected by 18% of respondents. State-based armed conflict followed closely at 14%. Together, these findings show that close to 1 in 3 respondents view geopolitical tensions as the most immediate threat facing the global economy.
For financial services organizations, geopolitical risk cannot always be treated as a standalone category. A single event can create knock-on effects across cyber risk, supply chains, asset values, client portfolios, third-party exposure, and operational resilience.
“Geopolitical risk, it’s not a risk type in itself. It surfaces in multiple areas and impacts the various different risk types. And it’s how do you build all that in.”
Rita Parmar, a Senior Risk Officer at UK Bank
This is why financial services organizations need a connected view of risk. Senior leaders need to understand not only that an external event has occurred, but how it could affect the organization’s internal exposure. A disruption in one market may create portfolio pressure. A geopolitical conflict may increase the threat of cyberattacks. A change in trade relationships may expose vulnerabilities further down the supplier chain.
The Bank of England’s Financial Stability Report, December 2025, reinforces that point. It warns that elevated geopolitical tensions increase the likelihood of cyberattacks and other operational disruptions, creating risks that financial services organizations need to understand across functions rather than in isolation.
For risk leaders, this means asking more connected questions about portfolio vulnerability, customer exposure, and the potential impact of external events.
“How vulnerable is your portfolio in the current environment with all the stuff that’s going on? Are the client portfolios doing okay? Do they have problems? Is it going to result in any negative compromises that we might have to deal with?”
Rita Parmar, a Senior Risk Officer at UK Bank
The challenge is not simply to monitor the news. It is to translate external developments into meaningful internal insight. Risk reporting should help senior leaders understand where exposure sits, how different risks interact, and what action the organization may need to take.
What can organizations do to support women in GRC leadership?
The conversation also highlights a wider point about leadership. Women should not be expected to overcome every barrier individually. Organizations need to create cultures that support visibility, confidence, progression, and development.
For Rita, that means taking an active role in building opportunities for others. Alongside her work in risk, she chairs a diversity, equity, and inclusion committee and supports initiatives designed to create stronger networks for women across the organization.
“I was really proud that I could join a company on a permanent basis and become a person that can really drive the women’s agenda in the company.”
Rita Parmar, a Senior Risk Officer at UK Bank
This kind of work matters because representation still drops as careers progress. The McKinsey and LeanIn.Org Women in the Workplace 2025 report found that women remain underrepresented at every stage of the corporate pipeline. Women account for 49% of entry-level employees, but only 29% of C-suite roles.
The report also found that only 54% of surveyed companies treat women’s career advancement as a high priority. That distinction matters. A general commitment to inclusion is important, but organizations also need practical progression pathways, visible role models, sponsorship, and opportunities for women to build leadership experience.
As Rita explains:
“I also really particularly like our young, up-and-coming generation and showing them actually that you can do all of this. There’s no barrier that you can’t overcome.”
Rita Parmar, a Senior Risk Officer at UK Bank
For GRC leaders, this is not separate from the wider conversation about risk culture. Organizations make better decisions when different perspectives are heard, employees feel supported, and the next generation of leaders can see a realistic route forward.
What advice would Rita Parmar give to women starting a career in GRC?
Ask questions, even when they feel small
For women beginning a career in GRC, Rita’s first piece of advice is simple: ask questions. Governance, risk, and compliance roles require professionals to understand how different parts of an organization work, where responsibilities sit, and how risks can flow across teams, systems, and processes.
That understanding does not appear overnight. It is built by staying curious, speaking to people across the business, and being willing to ask questions even when the answer may seem obvious to someone else.
“Ask all the questions that you have in your head. Nothing is too small. You might think, am I being really silly or stupid? But don’t feel afraid to ask.”
Rita Parmar, a Senior Risk Officer at UK Bank
Curiosity is particularly valuable in financial services. The strongest risk professionals do not focus narrowly on one process or risk type. They develop a broader understanding of how the organization operates, how different risks connect, and what those risks mean for customers, portfolios, operations, and decision-making.
Build relationships and back yourself
Rita also encourages women entering the profession to attend events, approach people, and build relationships across the GRC community. Networking does not need to feel transactional. A single conversation can create an opportunity to learn, find a mentor, or discover a new direction for your career.
“Go out there and attend things, and don’t be afraid to talk to people, approach people when you do attend events, because they’re all willing to help you.”
Rita Parmar, a Senior Risk Officer at UK Bank
This podcast is a good example. Rita and Lucy first met at an event. That initial conversation ultimately led to a wider discussion about financial services risk, AI, third-party dependencies, and the future of women in GRC.
Rita’s final message is one that many women at the beginning of their careers may need to hear. It is easy to focus on the skills you have not developed yet or the experience you think you are missing. Confidence does not mean pretending to know everything. It means recognizing the value you already bring while remaining open to learning.
“Think of yourself positively. That’s my key message.”
Rita Parmar, a Senior Risk Officer at UK Bank
Closing: The future financial services risk leader is human, curious, and solution-focused
The financial services risk agenda will continue to evolve. AI adoption is accelerating. Third-party dependencies are becoming harder to map. Geopolitical disruption can affect multiple risk categories at once. Operational resilience is now a board-level concern.
The strongest risk leaders will be those who can connect these issues across the organization. They will need to understand emerging threats, ask better questions, and translate complex information into practical decisions. Technology and data will play an increasingly important role, but they will not replace judgment, dialogue, or a clear understanding of the business.
That is the thread running through Rita’s advice. Effective risk management is not simply about identifying more problems. It is about helping the organization understand its exposure, raise issues earlier, and decide what to do next.
“Let’s find a solution and not just have all the problems. Let’s brainstorm and create a solution-based approach.”
Rita Parmar, a Senior Risk Officer at UK Bank
For financial services organizations, that solution-led mindset matters. The goal is not to create another layer of process. It is to build a more connected view of risk so that leaders can move forward with greater visibility and confidence.
About Rita Parmar
Rita Parmar is a Senior Risk Officer with experience across finance, Sarbanes-Oxley compliance, governance, regulatory reporting, and non-financial risk. Her work has covered third-party risk management, data risk, information and cybersecurity, risk reporting, and emerging issues including AI and geopolitical risk.
An accountant by training, Rita’s career has moved across finance, consulting, compliance, governance, and risk. She is also an advocate for diversity, equity, and inclusion and is passionate about encouraging the next generation of women to build confidence, ask questions, and pursue careers in GRC.
About the Spotlight on Women in GRC podcast
CoreStream GRC’s Spotlight on Women in GRC podcast series has been created in the lead-up to the Women in GRC Awards on 2 July 2026.
Across the series, CoreStream GRC Head of Marketing Lucy Montague speaks with women working across governance, risk, and compliance to explore their career paths, leadership lessons, and views on the future of the profession.
Hear Rita Parmar discuss financial services risk, AI, third-party dependencies, human judgment, career confidence, and the future of women in GRC.
Condensed podcast transcript
Lucy Montague:
Welcome to Spotlight on Women in GRC, our podcast series counting down to the Women in GRC Awards 2026 on July 2, sponsored by CoreStream GRC.
This series highlights the women shaping governance, risk, and compliance—exploring their backgrounds, experiences, and perspectives on industry change.
I’m your host, Lucy Montague, and today I’m joined by Rita Parmar. Hi Rita!
Rita Parmar:
Hi Lucy, it’s great to be here.
Background & Career Journey
Lucy:
Let’s start with a quick introduction—your current role and background.
Rita:
I’m a Senior Risk Officer at ABN AMRO Bank, where I’ve been for just under two years. I’ve worked in risk across several financial institutions and other sectors, and I’m a strong advocate of GRC.
My current focus is non-financial risk—covering third-party risk, data, and cybersecurity, as well as emerging areas like AI and geopolitical risk.
Lucy:
What first drew you into GRC?
Rita:
It was a natural progression. I started as an accountant (FCCA), moved into SOX, then into regulatory and compliance roles—especially governance and reporting. From there, I transitioned into risk.
Navigating Challenges & Career Growth
Lucy:
What challenges or biases have you faced, and how did you navigate them?
Rita:
As women, we often juggle multiple responsibilities—career, home life, and everything in between. That builds resilience, strong organisational skills, and adaptability. I’ve used those strengths to progress, while also encouraging younger women to see that there are no barriers they can’t overcome.
Lucy:
Did you have a mentor early in your career?
Rita:
Yes—our Managing Director when I worked in food manufacturing. It was a small organisation, and I was exposed to everything, from factory floor to finance. That holistic view taught me how businesses really work.
Lucy:
So you’d recommend gaining broad exposure?
Rita:
Absolutely. Talk to people across the organisation and understand how everything connects—that’s key to success in any role.
Women in GRC Leadership
Lucy:
What unique perspectives do women bring to GRC leadership?
Rita:
A key one is the additional skills gained through life experiences—especially maternity leave. Many women return doubting themselves, but they actually bring stronger capabilities, from time management to resilience, that elevate their careers.
Pausing can also provide clarity. I took time out, explored other ventures, and came back with a renewed direction, eventually moving from finance into risk.
Supporting Women in the Workplace
Lucy:
What can organisations do to better support women?
Rita:
At ABN AMRO, I chair the DEI committee, covering gender, LGBTQ+, and culture. We run initiatives like women’s empowerment lunches, networking events, and International Women’s Day activities.
We also ensure inclusivity—for example, moving Pride activities to a time when more people can attend, making them accessible to everyone, not just specific groups.
Career Highlights
Lucy:
When have you felt most proud in your career?
Rita:
Joining a company permanently after years in consulting and being able to drive meaningful change—especially leading DEI initiatives. Being appointed Chair of the DEI committee was a particularly proud moment.
Lucy:
How do you balance that with your day job?
Rita:
Prioritisation and delegation. You can’t do everything at once—focus on what matters, share responsibilities, and move less critical work to the back burner.
Day-to-Day Role & Risk Landscape
Lucy:
What does your role look like day-to-day?
Rita:
We run quarterly risk committee cycles, reviewing top risks, trends, and metrics. Business units complete first-line reviews, and I provide second-line challenge and oversight—focusing on performance, trends, and emerging risks.
Day-to-day includes control reviews, stakeholder engagement, and monitoring emerging issues.
Lucy:
How do you engage stakeholders who don’t naturally prioritise risk?
Rita:
Through regular “risk dialogues” and open conversations. It’s important to show we’re not there to police—we’re there to help. Encouraging transparency and a solutions-focused mindset makes a big difference.
Emerging Risks
Lucy:
What new risk areas are you seeing?
Rita:
AI and geopolitical risk are major focus areas. AI is still evolving, so it’s about balancing use with caution—don’t rely on it blindly, but don’t avoid it either.
Human judgement remains crucial; AI provides data, but people bring the insight.
Beyond that, third-party risk is key—especially understanding extended supply chains (fourth and fifth parties). We’re also monitoring portfolio vulnerability in the current economic climate.
Personal Impact
Lucy:
How has your career shaped you outside of work?
Rita:
It’s helped me balance detail with big-picture thinking. I’ve passed that mindset on to my children—encouraging them to learn broadly but always keep a clear end goal in mind.
Advice for Women Starting in GRC
Lucy:
Final question—what advice would you give to women starting out?
Rita:
Ask questions—nothing is too small. Get involved, attend events, and talk to people.
And most importantly, back yourself. Women often hesitate, while others may be more confident without the same foundation. Believe in your abilities.
Lucy:
Such great advice—and a perfect example of how networking opens doors, as that’s how we met!
Thank you so much, Rita.
And for our listeners, don’t forget the Women in GRC Awards on July 2 in London—grab your tickets now. We hope to see you there!
Frequently asked questions
A career in GRC requires a combination of technical knowledge and human skills. Professionals need to understand governance, risk, compliance, and controls, but they also need curiosity, communication skills, commercial awareness, and the confidence to ask questions. Strong GRC leaders can translate complex issues into practical actions that the wider business understands.
AI and data analytics can help financial services teams identify patterns, process information, and monitor risks more efficiently. However, human judgment remains essential when decisions require context, qualitative analysis, or an understanding of competing priorities. The strongest approach combines technology with meaningful oversight.
Financial services organizations often rely on complex networks of suppliers, cloud platforms, data providers, and outsourced services. Risks can extend beyond direct suppliers into fourth-, fifth-, and nth-party relationships. Understanding these dependencies is essential for operational resilience, cybersecurity, regulatory compliance, and effective risk reporting.
Organizations can support women in GRC by creating visible progression pathways, encouraging networking and development, offering opportunities to build leadership experience, and fostering cultures where different perspectives are heard. Supportive managers, mentors, and internal initiatives can also help women build confidence and progress into senior roles.
Spotlight on Women in GRC is a CoreStream GRC podcast series created in the lead-up to the Women in GRC Awards on 2 July 2026. The series features conversations with women working across governance, risk, and compliance, exploring their career paths, leadership lessons, and views on how the profession is changing.


