8 risk and compliance leaders to follow and learn from on LinkedIn 


Lucy Montague

We’re shining a spotlight on the people shaping the future of governance, risk and compliance. 

LinkedIn is one of the best places to find real conversations about risk leadership, compliance culture, internal audit, AI governance, operational resilience and the future of GRC. 

In this blog, we’ve curated 8 GRC leaders worth following on LinkedIn. Their work spans: 

  • Risk leadership 
  • AI governance 
  • Internal audit 
  • Women in GRC 
  • Compliance culture 
  • Value-based risk management 

From established analysts and community builders to senior practitioners challenging outdated ways of working, these are the voices helping make GRC more practical, human and commercially relevant. 

#1 Andy Leigh 

Andy Leigh OBE is Group Head of Internal Audit at Mott MacDonald. 

His experience spans internal audit, group strategy, M&A, lead indicators and international development. That gives him a strong view of how governance, assurance, strategy and delivery connect across complex global organizations. 

Andy is worth following if you want practical thinking on internal audit, assurance, infrastructure, lead indicators, international development and governance in complex project environments. 

He also brings an element of fun to LinkedIn. His weekly #walktowork Friday posts encourage colleagues and peers to take the longer route, get their steps in and start the day with a bit more headspace. As a charity ambassador and mental health advocate, those posts add something personal to his wider audit and assurance commentary. 

We particularly liked Andy’s post on his learnings from the CoreStream GRC x SANNOS community event:

“I spent this morning with our friends at CoreStream GRC and SANNOS – exploring how to automate control effectiveness testing and so create more time to focus on what really matters – why do things go wrong, what’s the root cause, and (honestly) how can we fix things so there’s systemic improvement? (I know I’m not the only one trying to do that. Are you?)” 

Andy Leigh OBE, Group Head of Internal Audit, Mott MacDonald 

That is why Andy is worth following. His content connects assurance to the questions boards and leadership teams actually need answered: are we managing the right risks, are our controls effective and are we focused on what really matters? 

#2 Lauren de Thibault 

Lauren de Thibault is a Risk Director at BT Group and a previous Women in GRC Award winner, named Head of Governance of the Year in 2024. 

Her career spans law, compliance, governance and risk, giving her a broad view of what modern risk leadership really requires. Before moving into her current role, Lauren held senior governance, risk and compliance roles at Vodafone, including Head of Policy, Compliance Monitoring and Governance and Director of Risk, Assurance and Governance. 

Lauren is worth following if you want practical insight on risk leadership, commercial awareness, stakeholder engagement, women in GRC and building a “squiggly” career across governance, risk and compliance. 

Her perspective is especially valuable because she talks about risk as something that must sit close to the business, not outside it. In her Spotlight on Women in GRC podcast episode, Lauren made the point clearly: 

“If you don’t understand your business, no one is going to care what you have to say, even if you’ve got the best points in the world about governance, risk, or compliance.” 

Lauren de Thibault, Risk Director, BT Group

A standout LinkedIn post from Lauren came after she appeared as a RegTech panelist at #RISK Europe: “We explored how regulatory technology is evolving, from automation and data-driven compliance to how organisations can distinguish real innovation from industry noise. Crucially, we all recognised the importance of the human element to risk and compliance.”

#3 Stefan Gershater 

Stefan Gershater is Head of Risk Transformation at National Grid, with previous senior risk roles at Co-op, Burberry and The Crown Estate. 

Stefan is one of the bolder voices in value-based risk management. He challenges stale risk language and pushes risk teams to focus on better decisions, not just better registers. 

His work is especially useful for GRC professionals who want risk to feel more strategic, commercial and relevant to the business. Follow Stefan for sharp thinking on value-based risk management, decision-making, risk culture, business strategy and how risk teams can stop creating activity without advantage. 

We recommend his episode on Michael Rasmussen’s Risk Is Our Business podcast, where he encourages listeners to rethink risk as something that can create competitive advantage, not just reduce downside. 

“It isn’t always just about minimizing risk. You might be good at controlling certain risks that make you competitively advantaged.” 

Stefan Gershater, Head of Risk Transformation at National Grid 

That is why Stefan is worth following. He makes the case for risk as a strategic asset, not a bureaucratic burden. 

#4 Michael Rasmussen

Michael Rasmussen is a GRC analyst and pundit at GRC 20/20 Research, and one of the most recognized voices in governance, risk management and compliance. 

Often described as the “Father of GRC,” Michael coined the acronym while working at Forrester Research and has continued to shape how organizations think about enterprise GRC, resilience, third-party risk, policy management, AI governance and connected risk management. 

Michael is worth following for market context, technology trends and bigger-picture thinking about where GRC is heading next. He travels globally to meet risk and compliance leaders, speak with GRC technology vendors and understand how the market is changing in practice. 

He is also the voice behind the GRC Report and the GRC 20/20 Innovation Awards, where CoreStream GRC won a 2025 GRC Innovation Award in the Enterprise Integrated GRC Architecture & Platforms category. 

One of Michael’s many posts that provides insight into the market came after he spoke to a GRC leader in the energy sector and outlined their approach: “Risk as a discipline to help the business understand uncertainty, make better investment choices, protect critical thresholds, and maximize value across a complex portfolio. That is where mature risk management earns its seat at the table.”

That is why Michael is worth following. His work challenges GRC teams to look past heat maps, checklists and disconnected reporting, and focus instead on how risk connects to objectives, resilience and better decisions. He also helps risk and compliance professionals understand what other sectors are doing, to bring fresh perspectives and inspiration.  

#5 Kimberley Cole 

Kimberley Cole is the founder of Risky Women, a global network connecting and championing women in governance, risk and compliance. 

Through Risky Women, Kimberley brings together leaders across regulation, risk, compliance, technology and financial services. The network has grown into a global community focused on sharing perspectives, creating connections and celebrating women working across the GRC profession. 

Kimberley is worth following if you want insight into women in GRC, career development, community building, regulation, the latest events, compliance leadership and the human side of risk. 

Risky Women’s purpose is simple: 

“Connecting, celebrating and championing women across the globe.” 

Risky Women

A post we enjoyed from the Chief Risky Woman Officer was her write-up of a recent AI event sponsored by Risky Women: “We kicked off a new series of events with Baringa last night… The topic AI with our focus on Risk & Compliance and with an emphasis on people, adoption and impact. Women and girls are adopting differently and we explored ideas to drive acceleration with a clarity of purpose too.”

That is why Kimberley belongs on this list. Her work has helped make women in risk, regulation and compliance more visible, more connected and more central to the conversations shaping the future of GRC. 

#6 Naomi Bowman 

Naomi Bowman is a Global Banking Transformation Partner focused on AI governance, ethics, risk and financial services transformation. 

She is also a former COO and MD at HSBC, with deep experience across governance, operations, transformation and control environments in large financial institutions. Her profile through Risky Women describes her work as focused on governance, risk and AI-enabled operating models. 

Naomi is worth following if you want thoughtful commentary on AI governance (she’s studying for an AI masters), banking transformation, operational risk, compliance leadership and the future of financial services controls. 

Her experience brings a senior operational lens to the AI governance conversation. She is especially strong on the question of who gets to shape AI, who is included in governance decisions and how organizations avoid building systems that overlook the people most affected by them. 

We liked Naomi’s recent post on AI governance and representation, where she challenged leaders to think beyond the technology itself: 

“We are designing the future for everyone from within a room that almost no one else can enter.” 

Naomi Bowman, Global Banking Transformation Partner 

That is why Naomi belongs on this list. She brings AI governance back to people, accountability and inclusion, which is exactly where the conversation needs to be. 

#7 Richard Chambers 

Richard Chambers is a senior advisor in risk and audit, award-winning author and former President and CEO of The Institute of Internal Auditors. 

He has spent more than 4 decades working in and around the internal audit profession, including 12 years leading The IIA from 2009 to 2021. Today, he regularly shares insight on internal audit, assurance, audit committees, risk leadership, governance and the future of the profession. 

Richard is worth following if you want practical perspectives on audit independence, communication with audit committees, board-level accountability and the changing role of internal audit. His content is especially useful for audit and risk leaders who want to move beyond safe reporting and strengthen the relationship between audit, management and the board. 

We liked Richard’s post on saying the quiet things out loud to the audit committee, where he challenged internal auditors to be clearer when management limits audit’s work, audit lacks resources, culture is elevating risk, findings are suppressed or corrective action is not being prioritized. 

“Audit committees do not need comfort. They need candor.” 

Richard Chambers, senior advisor in risk and audit 

Richard keeps internal audit focused on its real purpose: independent assurance, honest challenge and speaking truth to power when it matters most. 

#8 Carole Switzer 

Carole Switzer is the co-founder of OCEG, a global nonprofit think tank focused on governance, risk management and compliance, which helped develop the idea of Principled Performance.

OCEG provides standards, guidance and resources to help organizations achieve Principled Performance. Carole has helped shape GRC standards, education and resources for more than 20 years, making her a useful follow for anyone who wants to understand GRC as a discipline, not just a technology category. 

Carole is worth following if you want insight into GRC standards, Principled Performance, governance, ethics, compliance, legal risk and the role of lawyers in GRC. She brings a rare mix of legal, standards, education and community-building experience to the conversation. 

We liked Carole’s article, The GRC Strategy Wake-Up Call: Why Half of Organizations Are Missing the Mark, which draws on the results of OCEG’s 2025 GRC Maturity Survey, including the finding that only 49% of organizations have a formal GRC strategy in place.

“GRC maturity isn’t just about compliance anymore. It’s about competitive advantage. Organizations with mature GRC capabilities can navigate uncertainty, seize opportunities, and build stakeholder trust in ways their less mature competitors simply cannot.”

Carole Switzer, Co-Founder of OCEG 

See you on LinkedIn!

Frequently asked questions for risk and compliance leaders to follow on LinkedIn

Who are the most influential risk and compliance leaders to follow on LinkedIn?

Some of the most influential risk and compliance leaders to follow on LinkedIn include Andy Leigh, Lauren de Thibault, Stefan Gershater, Michael Rasmussen, Kimberley Cole, Naomi Bowman, Richard Chambers and Carole Switzer. These experts share insights on governance, risk and compliance (GRC), internal audit, AI governance and risk management strategy, helping professionals stay ahead of industry trends and improve how they use risk management tools and GRC platforms in practice.

Why should GRC professionals follow risk leaders on LinkedIn?

Following GRC leaders on LinkedIn helps professionals stay updated on risk management best practices, compliance trends and emerging technologies like AI governance. These leaders often share practical advice on using compliance management software, internal audit software and enterprise risk management tools to improve decision-making, strengthen risk culture and align governance with business strategy.

How can LinkedIn insights improve risk management and compliance strategies?

LinkedIn insights from experienced leaders can help organizations improve their approach to enterprise risk management, compliance management and operational resilience. By learning how others apply GRC tools, risk assessment software and incident management software, businesses can better connect risk, compliance and performance, making their risk management systems more effective and aligned with real-world challenges.

What topics do top GRC influencers typically cover?

Top GRC influencers regularly share content on risk leadership, compliance culture, internal audit, AI governance, third-party risk management and operational resilience. They also discuss how organisations can use GRC platforms, compliance tools and data governance software to move beyond checklists and build more strategic, value-driven risk management approaches.
