In anticipation for the Women in GRC Awards on 2nd July 2026, we’re running a podcast series “Spotlight on Women in GRC”. In this first episode, Head of Marketing, Lucy Montague of CoreStream GRC sits down with Lauren de Thibault, a Risk Director at a leading global telecommunications company and previous Women in GRC Award winner, and shares how a career spanning law, compliance, governance and risk shaped her leadership style.
The conversation explores what the next era of GRC leadership will demand: stronger communication, better commercial understanding, trusted cultures, human judgment and a more creative approach to AI. As AI changes how organizations make decisions, GRC leaders have a clear role to play: helping the business move quickly, safely and with the right guardrails in place.
GRC is changing fast. AI, data and automation are reshaping how risk and compliance teams work, but the future of GRC leadership will not be less human. It will be more human. The leaders who stand out will be the ones who can connect risk to real decisions, people and business value.
As Lauren de Thibault explains in the first episode of the Spotlight on Women in GRC podcast, strong GRC leadership depends on:
“Weighing up competing priorities, using your judgment to help the business make smart risk-based decisions.”
Lauren de Thibault, Risk Director and former Women in GRC winner
That point matters as AI adoption accelerates. IBM’s Cost of a Data Breach Report 2025 warns that AI adoption is outpacing security and governance, with organizations needing better visibility over AI deployments, including shadow AI.
At the same time, the World Economic Forum’s Future of Jobs Report 2025 found that analytical thinking remains the most sought-after core skill among employers, with growing demand for creative thinking, resilience, flexibility, agility, leadership and social influence.
For GRC leaders, the challenge is not to slow the business down. It is to help it move quickly, safely and with the right guardrails in place.
“How do we make sure that we’re not too hamstrung as well, that everyone’s not frozen in fear about what can be done?”
Lauren de Thibault, Risk Director and former Women in GRC winner
That is why this conversation is so timely. The next era of GRC will need leaders who are commercially aware, confident with technology and able to build trust across the business. AI may change the tools, but human judgment, clear communication and smart risk-based decision-making will still define the leaders who make the biggest impact.
AI has huge potential to reduce repetitive GRC work. According to SANNOS, 60-80% of GRC processes and tasks could be at least partially automated by AI. But adoption needs to be inclusive as well as efficient. Harvard Business School research found that women are adopting AI tools at a 25% lower rate than men on average, which makes visible female leadership in AI-enabled GRC even more important. Women in GRC have an opportunity to help shape how AI is used safely, effectively and with the right governance around it.
Human and AI partnership will define the next era of GRC
The next era of GRC will not be defined by AI alone, but by how well people and AI work together. As Lauren explains, AI needs to be viewed as part of the wider operating model, not as a standalone fix.
“The partnership between humans and AI needs to be looked at holistically, not individually. It’s about what we’re going to do together.”
Lauren de Thibault, Risk Director and former Women in GRC winner
That means GRC leaders will need to do more than understand the technology. They will need to explain it, challenge it, govern it and translate its value into language the business understands. If GRC wants to move from blocker to enabler, communication and commercial understanding matter just as much as technical knowledge.
“If you don’t understand your business, no one is going to care what you have to say, even if you’ve got the best points in the world about governance, risk or compliance.”Lauren de Thibault, Risk Director and former Women in GRC winner
This is where governance can become a value driver, not just a control layer. Gartner found that organizations that perform regular audits and assessments of AI system performance and compliance are over 3 times more likely to achieve high GenAI value than those that do not. That matters because it shows that effective AI governance does not have to slow innovation down. Done well, it helps organizations use AI with more confidence, accountability and business impact.
Why non-linear careers can build stronger GRC leaders
Lauren’s own career shows why there is no single route into GRC leadership. Her path has moved from law into compliance, governance and risk, giving her a broad view of how decisions are made, how controls work, and how risk connects to the wider business.
“It’s been a bit of a squiggly journey, but everything is related.”
Lauren de Thibault, Risk Director and former Women in GRC winner
That kind of non-linear career can be a real advantage in senior GRC roles. The best leaders are not only technical experts. They need to understand regulation, business strategy, stakeholder pressure, culture, communication and change.
A background that crosses different disciplines can make a leader more commercially aware, more adaptable and better able to see how each part of the organization connects.
As Lauren puts it, progression in GRC is not just about collecting more technical knowledge. It is about building the skills to use that knowledge well.
“It’s not just about knowledge, it’s really about skill set.”
Lauren de Thibault, Risk Director and former Women in GRC winner
That skill set includes judgment, communication, confidence, curiosity and the ability to bring people with you. For future GRC leaders, a squiggly career should not be seen as a weakness. It can be exactly what helps them understand the business, ask better questions and lead across functions.
Maternity leave and career breaks can create perspective, not pause ambition for women in GRC and beyond
Maternity leave, career breaks, secondments and role changes are often framed as pauses. This Risk Director sees them differently. For her, time away from the usual pace of work can create the space to reflect, reframe priorities and return with a sharper sense of direction.
“I’m a big fan, as you’ve seen, from maternity leave… because it’s 9 months to a year where you can really get a completely different perspective.”
Lauren de Thibault, Risk Director and former Women in GRC winner
That point matters beyond maternity leave. In GRC, where leaders are expected to balance regulation, business change, stakeholder pressure and emerging risks, perspective is a strength. Time spent in a different role, on a secondment, away from work, or returning after caring responsibilities can help leaders build resilience, judgment and a clearer view of the kind of environment they need to thrive.
For employers, this is not just a wellbeing issue. It is a retention issue.
CIPD’s 2025 Flexible and hybrid working practices report found that 80% of employees said flexible working had a positive impact on their quality of life, while 3% had left a job in the last year because of a lack of flexible working, representing around 1.1 million UK workers.
Trust and empowerment shape who gets to progress
Lauren’s advice to others in the GRC space is simple, but important;
“You need to pick your bosses wisely, as well as picking the next role.”
Lauren de Thibault, Risk Director and former Women in GRC winner
Progression does not happen in a vacuum. People need managers who trust them, cultures that support flexibility, and teams where they can challenge, learn and step up without being punished for needing balance. For women aiming for senior leadership, that support can be especially important. McKinsey and LeanIn.Org’s 2025 Women in the Workplace report found that women remain underrepresented at every level of the corporate pipeline, with women holding 29% of C-suite roles.
As Lauren explains, caregiving responsibilities do not disappear at senior level. They are often carried alongside demanding leadership roles:
“Even doing half of that second shift is a lot.”
Lauren de Thibault, Risk Director and former Women in GRC winner
The point is not that ambition disappears when someone needs flexibility. Often, the opposite is true. The right culture can help people stay, progress and bring stronger judgment to leadership.
In a field like GRC, where trust, communication and good decision-making are everything, that kind of culture is not a nice-to-have. It shapes who gets to lead.
Risk Director’s advice on pushing yourself to leave comfort zone, not abandon balance
Progression can sometimes mean stepping outside the environment where your flexibility, goodwill and reputation are already established. That can feel uncomfortable, especially when you have built trust in one organization or role. But Lauren’s move from Head of Policy, Compliance Monitoring and Governance into a Director of Risk role shows why taking that next step can be necessary.
“It was taking that step up and realizing I’m good at this, I can do it, and it’s time to do it somewhere else.”
Lauren de Thibault, Risk Director and former Women in GRC winner
The key point is that growth does not have to mean abandoning balance. It means knowing when you are ready for more, being honest about the environment you need to succeed, and having the confidence to back yourself when the next opportunity appears.
For future GRC leaders, that matters. Risk and compliance careers rarely move in straight lines. Sometimes the next stage comes from staying and building influence. Sometimes it comes from moving into a new business, a new function or a bigger leadership role. The important thing is not to wait until you feel 100% ready. It is to recognize when your experience, judgment and skills have already prepared you for the next step.
Closing: the future GRC leader is broad, commercially aware and comfortable with change
The real lesson from Lauren’s episode is that the next era of GRC leadership will need breadth. Technical knowledge still matters, but it will not be enough on its own. The strongest leaders will be able to combine judgment, AI literacy, empathy, commercial understanding and the confidence to guide the business through change.
For Lauren, that starts with listening. GRC leaders need to understand what the business is trying to achieve before they can influence how risk is managed.
“Spend more of your time listening than you do telling them what they should be doing.”
Lauren de Thibault, Risk Director and former Women in GRC winner
That advice sums up the wider conversation. GRC is most effective when it is connected to real decisions, real people and real business priorities. The leaders who make the biggest impact will not be the ones who simply know the rules. They will be the ones who can translate risk into action, build trust with stakeholders and help the organization move forward with confidence centered around value-based GRC.
About Lauren de Thibault
Lauren de Thibault is a Risk Director at a global telecommunications brand, with experience across law, compliance, governance, risk and assurance. Her career began in competition and regulatory law at Slaughter and May.
She later moved into senior in-house and GRC leadership roles, including at Vodafone, where she held positions across policy, governance, risk, assurance and compliance monitoring.
Lauren’s career reflects one of the key themes of the podcast: GRC leadership is rarely linear. Her path from law to compliance, policy, governance and risk shows how broad experience can help leaders build stronger judgment, communicate more effectively and connect risk to business value.
About the Spotlight on Women in GRC podcast
CoreStream GRC’s Spotlight on Women in GRC podcast series has been created in the lead-up to the Women in GRC Awards on 2 July 2026. Across the series, CoreStream GRC’s Head of Marketing, Lucy Montague speaks with women working across governance, risk and compliance to explore their career paths, leadership lessons and views on the future of the profession.
Frequently asked questions
The Spotlight on Women in GRC podcast is a series from CoreStream GRC that highlights women working in governance, risk and compliance, sharing insights on leadership, career development and the future of GRC.
Lauren de Thibault is a Risk Director with experience across law, compliance, governance, risk and assurance. She is featured because her career path and leadership perspective reflect many of the challenges and opportunities shaping modern GRC.
This episode argues that AI can improve GRC efficiency and decision support, but it also makes human judgment, communication and governance even more important. The strongest GRC functions will combine technology with trusted leadership and clear guardrails.
The content highlights communication, commercial awareness, judgment, adaptability and the ability to connect risk to business priorities. Technical knowledge still matters, but leadership in GRC increasingly depends on influence and cross-functional understanding.
A non-linear career path can build broader perspective across law, compliance, governance and risk. That wider experience can help future leaders make better decisions, communicate more effectively and understand how GRC supports the business.
A strong Risk Director helps the business move quickly and safely, balances innovation with governance, and translates risk into practical action. In an AI-driven environment, that also means understanding how to govern new technologies without slowing progress unnecessarily.
Women in GRC leadership bring visible role models, diverse perspectives and practical insight into how governance, risk and compliance can evolve. As AI and business change reshape the profession, strong and representative leadership will help define its future.
