CoreStream GRC is delighted to announce that Sophie Lis, our Director of Compliance and Information Governance, has been recognized as a Risky Women “Women to Watch”. This follows after her win as Innovator of the Year at the Women in GRC 2025 awards.
Risky Women has been connecting, celebrating and championing women in governance, risk and compliance since 2014. It hosts a network of 4,500+ senior decision makers across 20+ countries and cities. “Women to Watch” is just one of the ways the organization spotlights individuals doing standout work and invites the community to nominate women they admire.
For us, this recognition is a straightforward reflection of what Sophie delivers every day: high standards, clear accountability, and effective governance that positively impacts the business and our clients.
“This recognition matters to me because women need to see what’s possible in GRC leadership. The talent is there, but visibility and sponsorship still shape who gets seen and who gets promoted.
I’ve been lucky to work in an environment that values standards, outcomes, and inclusion, and I want to pay that forward. If someone early in their career sees this and thinks ‘I could do that too,’ then it’s already done something worthwhile.”
Sophie Lis, Director of Compliance and Information Governance, CoreStream GRC
What “Women to Watch” is really about
Risky Women’s Women to Watch initiative is designed to spotlight women who are driving the profession forward. It highlights people who are not only doing their jobs well, but actively raising standards across the Governance, Risk and Compliance community. The initiative is global and community-led, with quarterly features that celebrate women making a meaningful impact across the field.
That’s why this recognition fits Sophie so well. She is not well known because she is the loudest person in the room. She stands out because of the quality of her work. It is rigorous, practical, and dependable under pressure.
Just as importantly, she brings a wider awareness to her role. She understands not only her own place in GRC, but also the broader position of women in the profession, and the importance of creating space for others to progress.
Sophie Lis at CoreStream GRC: what she’s responsible for
Sophie Lis is Director of Compliance and Information Governance at CoreStream GRC. Her role is to ensure our standards are not only defined, but operational. That means they are workable in day-to-day delivery, consistent as we scale, and defensible when customers, auditors, or regulators need proof.
In practice, that means things like:
- Translating complex obligations into workflows people can actually follow
- Building repeatable evidence trails, to avoid last-minute document hunts
- Drafting and maintaining core governance policies, to shape training and awareness.
- Keeping governance tight when regulations shift, suppliers change or incidents happen
- Making sure the way we operate matches what we say we do
- Driving assurance and trust
- Leading work aligned to recognized standards, including International Organization for Standardization ISO 27001.
- Supporting robust internal controls, audit processes, and third-party risk practices
Sophie provides a strong example of the fact that good governance cannot happens within the confines of a slide deck. It’s a system. And systems only work when someone senior is accountable for how they run day to day.
“Sophie’s strength is making governance practical, then making it provable. It’s one of the reasons we hold ourselves to strong assurance standards internally, and why clients trust the platform in highly regulated environments.”
Matt Eddolls, Co-Founder and CTO, CoreStream GRC
Client impact, in their words
Sophie’s approach is also felt directly by customers operating in high-scrutiny environments, including BBC and NHS trusts, where information governance has to work in real conditions, not ideal ones.
“Sophie’s [account manager] been really, really good. She understands our pain points, our volumes, and why we need something different. We’ve built a solution that works for us, but it’s transferable, not bespoke. That makes it more powerful for everyone.”
Marc Wilson, Head of Information Security & Data Protection Officer, Nottingham University Hospitals, NHS Trust
Sophie provides a strong example of the fact that good governance cannot happen within the confines of a slide deck. It’s a system. And systems only work when someone senior is accountable for how they run day to day.
“Sophie’s strength is making governance practical, then making it provable. It’s one of the reasons we hold ourselves to strong assurance standards internally, and why clients trust the platform in highly regulated environments.”
Matt Eddolls, Co-Founder & CTO, CoreStream GRC
The work behind the recognition: a track record built on outcomes
Sophie’s recognition is rooted in the work itself.
She has been involved in CoreStream GRC from the very beginning and has played a major role in shaping how the platform works in practice. Her work has helped organizations such as the BBC and the NHS streamline processes, reduce friction and improve operational efficiency in high-scrutiny environments.
That matters because CoreStream GRC is built for organizations with a high bar for governance. We are not only GRC software providers. We are also part of the wider industry conversation about what good governance should look like in real life. Sophie’s work reflects that standard. She has helped build systems that are practical, accountable, and resilient under pressure.
She is also a huge part of what makes CoreStream GRC what it is today culturally. She lives the company’s values in the way she works, the standards she sets, and the way she supports others. People like Sophie are the reason we are so proud of what CoreStream GRC has become.
Sophie was also named GRC Innovator of the Year at the Women in GRC Awards 2025. That award recognized her work modernizing compliance through agile, technology-enabled approaches, and building digital systems that strengthen governance and audit outcomes.
Why CoreStream GRC champions women in GRC
In Nikki Dowdall’s keynote at the 2025 Women in GRC Awards, she cited that only 17% of Chief Risk Officers and 14% of Chief Compliance Officers are women, despite women making up 50% of entry-level functions in GRC.
At CoreStream GRC we understand that you don’t fix that with statements. We fix it with action and consistency. Hence why we are leading the way;
- We sponsored and partnered with Women in GRC, and we’ve treated it as an ongoing relationship, not a one-off event.
- We keep the conversation going beyond awards nights, including panels like our #RISK Europe discussion focused on equity and allyship in practice.
- We doubled down for 2026, deepening our commitment, because progress only happens when commitment is sustained.
“Sophie shows up publicly for the profession, not just the company, and that matters for so many aspiring women in GRC who need visible role models. When we back initiatives like Women in GRC, Sophie’s the kind of leader who makes sure it’s not just a logo on a banner, it’s something we live internally too.”
Lucy Montague, Head of Marketing, CoreStream GRC
The link between GRC talent and the platform you end up with
Here’s what buyers often miss: a GRC platform is only as strong as the people and standards behind it.
If you want governance that holds up in the real world, you need more than policies and good intentions. You need a working rhythm where ownership is clear, decisions are documented, evidence is captured as work happens, and reporting reflects reality, not best-case assumptions.
That’s exactly where Sophie’s leadership shows up. She sets the bar for how we operate internally, and she that same discipline is brought into how CoreStream GRC is designed, so customers are not just buying features. They’re buying a way of working that stands up when it’s tested.
Want to learn more about us?
FAQ on Sophie Lis, Risky Women’s “Women to Watch”
Sophie Lis is Director of Compliance and Information Governance at CoreStream GRC and has been recognized by Risky Women as a Women to Watch. She was also named GRC Innovator of the Year (2025) at the Women in GRC Awards.
CoreStream GRC partners with Women in GRC Awards (WGRC) to champion women’s leadership, visibility, and progression in governance, risk, and compliance (GRC), through sustained involvement, not one-off campaigns.
Sophie is recognized as a Risky Women Women to Watch because her work makes compliance and information governance practical and defensible, aligning with Risky Women’s mission to champion women shaping the future of GRC.
Risky Women is a global network founded in 2014 to connect, celebrate, and champion women in governance, risk, and compliance. Its Annual Report 2024 states it includes 4,500+ senior decision makers across 20+ countries and cities.
The Women in GRC Awards recognizes women across the GRC profession for leadership, influence, and innovation. CoreStream GRC has been publicly involved and recognized, including Sophie’s Innovator of the Year win in 2025.
