An evening for our Melbourne CREW members on what it's really like to be a senior woman in risk and compliance.

There is a version of senior risk and compliance work that doesn't appear in the position description.

The version where you might be the only person in the room who sees the problem clearly, and also the only person whose job it is to say something about it. Where "have you thought about..." is your most important phrase. Where you are rarely thanked for what didn't happen.

CREW recently brought together a room of senior women in risk and compliance in Melbourne to talk honestly about that version of the job. What follows are the takeaways the speakers have agreed to share.

How you show up matters as much as what you do

Sarah Ray, Head of Compliance and Financial Crime at Cbus Super, opened with something that reframed the conversation from the start. At senior levels, she said, the role isn't just about technical expertise, it's about presence.

"Risk and compliance roles, especially as they get more senior, aren't just about what you do, but how you show up. Being calm under pressure, consistent in your values, and clear in your judgement is key."

She was equally direct about the pace of recognition in this work: build the things you'd stand behind, make incremental improvements and accept that external validation lags. Focus on what you can control and influence where you can't.

It sounds straightforward. In practice, for people operating at the edge of institutional risk on a daily basis, it requires a particular kind of discipline that rarely gets acknowledged.

Relationships are the work

Belinda Worrell, Head of Compliance and Regulatory Affairs at Crown Resorts, brought a perspective anchored in the practical reality of compliance as a function that lives or dies by its internal relationships.

Her takeaways were deceptively simple: understand the needs of the business you support. Partner with them. Sell compliance, not as a constraint, but as something genuinely valuable. Focus on the relationships and above all, be transparent, because transparency is central to building trust, both internally and externally.

None of this is new advice. What made it land in the room was the honesty about how hard it is to sustain in environments where compliance is still treated as a cost centre, a blocker or a necessary inconvenience. The work of repositioning the function, of being genuinely useful rather than just technically correct, is ongoing and largely invisible.

Push when it changes a decision - wait when it doesn't

Cora Speed,. Compliance Consultant at AustralianSuper, offered some useful framework:

"A simple test I use when deciding what to push and what to let go: if I push this now, will it change a decision or just prove a point? If it's just proving a point, I wait."

For anyone who has spent time in a compliance or risk role, this lands with recognition. The instinct to be right, to have the issue on record and to be seen to have raised it, is understandable. It is also sometimes the wrong call.

Cora went on to talk about the Trusted Advisor framework as a tool for building the kind of internal credibility that makes compliance counsel sought rather than tolerated. The goal, she said, is to be the first person your stakeholders turn to when they're unsure of something, or when something has happened. That positioning doesn't come from authority. It comes from trust, built over time, through consistent and useful engagement.

She also spoke to something that often gets overlooked: the language of risk. How leaders communicate internally about compliance issues has a direct effect on team culture. Rather than "this is a big issue," Cora's approach is to reframe: "Here are the three things that matter and what we're doing next." Words, she said, matter, particularly when you're trying not to pass anxiety down to your team.

Finally, she made a pointed observation about technology. Risk and compliance professionals are already working with automated controls, but the opportunity goes further. Inserting yourself into system-related changes arising from regulatory change or incident remediation, reviewing test case scenarios for sufficient scope and coverage, is a place where compliance expertise adds genuine value and where the profession has room to grow its influence.

What the room said without saying it

The most important thing about an evening like this isn't the frameworks or the takeaways. It's the recognition.

Senior risk and compliance work is structurally isolating. You are, by design, the person who sees what others would rather not see and says what others would rather not say. That is the job and it is a lot easier to do well when you are occasionally in a room with people who already understand the terrain, who don't need the dynamic explained, because they're living it too.

CREW will be hosting more conversations like this one. If you work in risk, compliance or a role that sits adjacent to both and you'd like to be part of our next session, please get in touch.