50 Essential Thought Leaders in Risk Management Globally

  • Writer: Jonno White
  • 3 days ago

Last updated: June 2026


Introduction


The fifty people on this list represent the most important voices in risk management across enterprise risk, governance, compliance, financial risk, operational resilience, and emerging technology risk. They range from pioneering academics whose frameworks now underpin global standards to active practitioners building and rebuilding risk functions inside major organisations right now. As of June 2026, risk management has never been more central to organisational survival.


The World Economic Forum's Global Risks Report 2026, based on a survey of over 1,300 experts, ranked geoeconomic confrontation as the single most likely risk to trigger a global crisis this year, selected by 18 percent of respondents. State-based armed conflict came second at 14 percent. Half of all respondents expect conditions to be turbulent or stormy over the next two years, rising to 57 percent when the horizon extends to ten years. The complexity of that risk landscape is the reason this field needs clear, credible, intellectually serious voices.


This list was put together to surface the leaders who genuinely deserve to be far better known, moving past the handful of names that appear on every corporate risk conference programme and into the people who are actually building the conceptual infrastructure of the field. The selection criteria prioritised documented contribution to the discipline, active professional engagement in 2025 or 2026, geographic and disciplinary diversity, and a deliberate preference for the mid-tier voices whose ideas are most likely to be new to most readers.


For leadership teams working through the cultural, communicative, and relational dimensions of risk, including how risk conversations actually happen inside executive teams, how difficult decisions get made under uncertainty, and how accountability systems either enable or undermine risk awareness, Jonno White works with organisations around the world. Jonno is a Certified Working Genius Facilitator, author of Step Up or Step Out (10,000+ copies sold), and host of The Leadership Conversations Podcast (230+ episodes, 150+ countries). Email jonno@consultclarity.org.


Global risk management thought leaders: a network connecting ERM, GRC, cyber, and ESG risk across continents in 2026

Why Risk Management Matters Right Now


Effective risk management is the difference between an organisation that anticipates disruption and one that is destroyed by it. The WEF's 2026 Global Risks Report captures an "age of competition" in which geopolitical fragmentation, AI-driven uncertainty, and ecological instability are converging faster than most governance frameworks were designed to handle.


The enterprise risk management market was valued at USD 5.94 billion in 2025 and is projected to grow steadily through the next decade, driven by regulatory pressure, cyber threat escalation, and the integration of AI into risk monitoring platforms. That growth projection is a forecast from market research aggregators rather than confirmed historical data, and figures vary considerably across research firms. What is not in dispute is the direction: organisations are investing more, not less, in structured risk oversight.


Protiviti's 2026 Global Report on Top Risks, which surveyed over 1,500 board members and C-suite leaders, found that AI integration, cybersecurity, and talent challenges sit at the top of executive concern lists globally. The convergence of those three challenges is precisely why thinking clearly about risk has become a board-level strategic imperative rather than a back-office compliance function.


Organisations that want to build the leadership culture that allows risk conversations to happen honestly, including the ability to surface bad news early and have difficult performance conversations, can engage Jonno White for executive facilitation and leadership development work. Email jonno@consultclarity.org.


How This List Was Compiled


Every person on this list was selected against three criteria: a documented contribution to the discipline of risk management through published work, credentials, or sustained practitioner output; active professional engagement as of 2025 or 2026; and representation of the full range of the field, from academic foundations and GRC frameworks to financial risk, operational resilience, ESG risk, and emerging technology. The list deliberately moves past the most globally prominent household names in favour of voices that every senior risk professional and leadership team member genuinely needs to know.


Category 1: Enterprise Risk Management Frameworks and Foundations


The people in this category built the intellectual foundations on which modern ERM rests. Whether through the frameworks that shaped how organisations think about risk, the academic research that has tested those frameworks empirically, or the books that gave practitioners a common vocabulary, these seven voices define what enterprise risk management means as a discipline. Each has made contributions that outlast any single methodology or market cycle.


1. James Lam


James Lam is widely recognised as the first-ever Chief Risk Officer, having held that title at GE Capital in the early 1990s at a moment when the concept of enterprise-wide risk ownership barely existed as a function. As President of James Lam & Associates, the risk management consulting firm he founded in 2002, he has spent the decades since helping boards and C-suite executives build ERM programmes that create strategic value rather than simply checking compliance boxes.


His book Enterprise Risk Management: From Incentives to Controls, now in its second edition, has been described in multiple academic courses and professional certification programmes as the definitive ERM practitioner text. The book's core argument, that risk and return must be managed together rather than separately, shaped how a generation of CROs justified their function to sceptical CFOs and boards. He delivers a certificate programme in advanced ERM through RIMS and continues to train risk champions inside major organisations.


2. Mark Beasley


Mark Beasley is Alan T. Dickson Distinguished Professor of Accounting and Director of the Enterprise Risk Management Initiative at NC State University's Poole College of Management, one of the most influential academic centres for ERM research and professional development in the world. He served on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) board for seven years and contributed to both the 2004 and 2017 revisions of the COSO ERM Framework, the most widely referenced ERM standard in corporate governance.


His annual surveys of ERM maturity, conducted in partnership with AICPA and later AICPA & CIMA, have tracked the state of risk oversight across hundreds of organisations for more than a decade and produced some of the most cited data points in board governance literature. His LinkedIn posts in 2025 and 2026 have drawn on his Spring ERM Roundtable Summit work and his global study course on managing megatrends for organisational resilience, which took NC State students to Geneva, Basel and Zurich to explore how organisations are confronting emerging systemic risks.


3. Betty Simkins


Betty Simkins is Program Director of the Alternative Investment Program at the Neeley School of Business at Texas Christian University, a role she moved into from Oklahoma State University's Spears School of Business in January 2026 after decades as the Williams Companies Chair and Regents Professor of Finance there. Her research sits at the intersection of energy finance and risk management, and she has co-authored more than 75 journal articles and book chapters, making her one of the most prolific published voices in applied risk management research.


She co-edited two editions of Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives with John Fraser and others, producing what remains one of the most comprehensive academic surveys of ERM practice and research. In 2018 she was appointed to the Market Risk Advisory Committee of the Commodity Futures Trading Commission. Her breadth, spanning energy sector risk, corporate treasury, and enterprise-wide risk governance, makes her one of the few voices who bridges the practitioner and academic worlds credibly in both directions.


4. Nassim Nicholas Taleb


Nassim Nicholas Taleb is Distinguished Professor of Risk Engineering at NYU Tandon School of Engineering and Scientific Advisor at Universa Investments. His five-volume Incerto series, including The Black Swan, Antifragile, Fooled by Randomness, and Skin in the Game, has fundamentally reoriented how many practitioners and executives think about uncertainty, rare events, and the structural fragility of organisations that optimise for efficiency without building buffers against the improbable.


His concept of antifragility, the idea that systems can be designed to gain from volatility rather than merely survive it, has been absorbed into organisational resilience thinking globally in a way that no academic framework paper ever achieves. At Visa GCC Connect 2025 in Milan he delivered a stark warning that Western debt levels and AI-driven workforce disruption represent real structural fragilities that markets are systematically mispricing. Whether or not one agrees with every Taleb position, his framework vocabulary has become part of how serious risk thinkers talk about systemic risk.


5. Hans Laessoe


Hans Laessoe spent 25 years as Strategic Risk Manager at the LEGO Group, where he built one of the most widely studied corporate ERM programmes in the world. What made the LEGO approach distinctive was its explicit integration of risk management into strategic decision-making rather than treating it as a periodic assessment exercise or a compliance reporting function. Laessoe argued consistently that risk management only earns its seat at the executive table when it helps the business say yes to opportunities, not just no to threats.


Since leaving LEGO, Laessoe has founded AKTUS and continued to publish, speak, and develop the thinking he built at LEGO into transferable frameworks for other organisations. He was named FERMA Risk Manager of the Year and continues to be one of the most influential European voices on what good ERM practice actually looks like inside a large, complex organisation. His discussions with Carol Williams and Alex Sidorenko on quantitative risk modelling and decision integration are among the most substantive practitioner conversations available in the public risk management community.


6. Hakan Jankensgard


Hakan Jankensgard is Associate Professor of Finance at Lund University in Sweden, where his research examines corporate risk management, derivatives, and enterprise risk from an economics and finance perspective that complements the practitioner-led frameworks dominant elsewhere in the field. He has developed original ideas on how firms should think about risk through the lens of value creation, arguing that much of what passes for risk management in corporate governance adds cost without adding value because it fails to connect risk-taking to the firm's competitive position.


His blog and LinkedIn presence bring finance-theoretic thinking to practicing risk managers in an accessible style. His book Rethinking Risk Management challenges some of the foundational assumptions of the ERM industry and asks whether the standard risk committee, risk register, and heat map approach is actually the best use of a risk function's resources. That kind of constructive challenge to orthodoxy, grounded in empirical research and clearly argued, is exactly what a maturing discipline needs.


7. John Fraser


John Fraser is Senior Fellow at the DeGroote School of Business at McMaster University in Canada and one of the foremost practitioners-turned-academics in enterprise risk management. As former Senior Vice President for Internal Audit and Chief Risk Officer at Hydro One Networks, one of North America's largest electricity transmission companies, he built an ERM programme that became a reference case for integrated risk and strategy oversight.


Fraser co-edited the two editions of Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives alongside Betty Simkins, Rob Quail, and others, creating what is genuinely the most comprehensive English-language collection of ERM research and practice available. His contributions to Canadian governance standards and to academic research have made him a bridge figure between the theoretical and applied strands of the discipline that often talk past each other.


Category 2: GRC, Governance and Compliance Leadership


Governance, risk, and compliance as an integrated discipline has its own distinct intellectual community, separate from the ERM framework world and closer to the operational realities of how risk oversight actually functions inside complex organisations. The seven people in this category have built the conceptual infrastructure, the software market definitions, the practical frameworks, and the public commentary that shapes how GRC professionals do their work.


8. Michael Rasmussen


Michael Rasmussen is Founder and Principal Analyst at GRC 20/20 Research, and is known throughout the governance, risk, and compliance profession as the "Father of GRC" for having been the first to define and model the GRC market while at Forrester Research in February 2002. In the more than two decades since, he has built GRC 20/20 into a globally recognised research and advisory firm covering enterprise GRC strategy, GRC technology architecture, corporate compliance, and policy management.


He is a sought-after keynote speaker, having delivered the opening keynote at the GPRC Summit 2026 in Riyadh. His blog, podcast series "Risk is Our Business," and prolific LinkedIn posts make him one of the most consistently visible voices at the intersection of GRC practice and technology. His Honorary Life Membership of The Institute of Risk Management reflects the unusual combination of market-shaping research and practitioner relevance he brings. His contribution to global GRC thinking, particularly on third-party risk and supplier risk governance, remains among the most cited in the space.


9. Norman Marks


Norman Marks is an independent author, blogger, and consultant and one of the most influential voices on governance, risk management, and internal audit in the world. As a former Chief Audit Executive and Chief Risk Officer at major global corporations including Tosco, Business Objects, and Solectron, he built a career spanning 20 years in the most senior risk and audit roles. He is now an Honorary Fellow of the Institute of Risk Management and was inducted into the Institute of Internal Auditors' American Hall of Distinguished Practitioners in 2018.


His book World-Class Risk Management and his long-running blog on governance and risk, which generates regular discussion on LinkedIn with practitioners from around the world, have made him one of the most consistently read independent voices in the field. His January 2026 posts on the importance of framing risk discussions around decisions rather than risk registers reflect the practical philosophy he has developed over decades. He argues that the most important risk meetings are not where managers report risks, but where leaders actually decide how to respond to them.


10. Tim Leech


Tim Leech is Founder and Managing Director of Risk Oversight Solutions Inc., based in Oakville, Canada, and is one of the most persistent and intellectually serious critics of conventional ERM practice. His framework, Mission-Critical Objective-Centric Risk and Assurance, published in book form as Mission-Critical Governance in 2026, argues that most ERM programmes are fundamentally misdirected because they focus on risk lists and control deficiency reporting rather than giving boards reliable insight into whether the organisation's most important objectives are actually being achieved.


Leech has 30 years of experience across risk governance, internal audit, and forensic accounting, and he co-authored early standards for the Canadian Standards Association on risk. His willingness to take on the GRC industry's orthodoxies, including the widely held view that ISO 31000 and COSO represent good enough frameworks, gives him a distinctive and often uncomfortable voice that the field benefits from hearing. His criticisms are not contrarian for the sake of it; they are grounded in decades of watching risk programmes fail to deliver value.


11. Richard Chambers


Richard Chambers is Founder and CEO of Richard F. Chambers & Associates and one of the most respected voices in internal audit and risk oversight globally. He served as President and CEO of The Institute of Internal Auditors for more than a decade, transforming it into the global standard-setting body for internal audit practice and significantly elevating the profession's engagement with risk governance. His book Trusted Advisors: Key Attributes of Outstanding Internal Auditors has become a reference for internal audit leadership development.


Chambers' LinkedIn presence and podcast appearances in 2025 and 2026 have focused consistently on how internal audit can demonstrate value to boards navigating complex risk landscapes, including the evolving governance implications of AI adoption. He has argued that internal audit functions face a generational choice: modernise their approach to risk-based auditing or risk becoming irrelevant as automated risk monitoring platforms take over the procedural aspects of what audit has traditionally delivered. His 2026 reflections on the IIA's evolving standards reinforce his continued centrality in the field.


12. Carol Williams


Carol Williams is an ERM Consultant at Strategic Decision Solutions, where she has spent more than 20 years helping organisations build risk management programmes that actually support decision-making rather than create compliance theatre. Her blog, ERM Insights by Carol, has become one of the most widely followed practitioner resources in enterprise risk management, consistently translating research and ideas from academics and high-profile practitioners into actionable guidance for the practitioners who work in mid-market and non-financial sector organisations.


Williams has published extensively on the integration of risk analysis into strategic decision-making, including a comprehensive exploration of the differences between traditional risk management and ERM that has remained one of the most-read articles in the field for years. Her interviews with practitioners including Hans Laessoe on the LEGO ERM model and her synthesis of Alex Sidorenko's work on quantitative decision analysis bring genuine practical depth to a space that often substitutes frameworks for thinking. Her LinkedIn engagement with the global risk community consistently elevates the quality of professional conversation.


13. Carole Switzer


Carole Switzer is Co-Founder and President of OCEG, the Open Compliance and Ethics Group, a global nonprofit think tank she co-founded in 2002 that now serves more than 120,000 members. OCEG's GRC Capability Model, known as the Red Book, is the most widely referenced open-source framework for integrated governance, risk, and compliance, and Switzer was its principal author. She is a GRC Professional Certificate holder and has an Honorary Life Membership of the Institute of Risk Management.


Switzer has presented OCEG's Principled Performance framework to audiences across North America, Europe, Latin America, and Asia. Her work has shaped how thousands of compliance, risk, and ethics professionals think about the integration of those three functions as something greater than the sum of their parts. Her sustained contribution to building the GRC profession as a recognised discipline, with its own standards, credentials, and community, places her among the founders of modern risk governance practice.


14. Alex Sidorenko


Alex Sidorenko is Head of Operational, Investment Risk and Insurance at Serra Verde Group, one of the world's largest niobium producers, and Founder of RISK-ACADEMY, one of the most widely used online platforms for practical risk management education. His Risk Awareness Week, an annual online event that brings together practitioners from over 120 countries, has established itself as a genuinely global gathering for the working risk management professional rather than an executive conference.


Sidorenko's free book on effective risk management, co-authored with Elena Demidenko, has been downloaded more than 150,000 times. His consistent argument that most corporate risk management is, in his words, "an embarrassment to the profession" because it fails to integrate with decision-making is provocative but well-evidenced. In 2021 he was named Risk Manager of the Year by FERMA. His LinkedIn posts, which combine practical methodology with the results of his own firm's applied work at Serra Verde, give him a rare blend of academic rigour and current practitioner credibility.


Category 3: Financial, Insurance and Broking Risk


Risk management as a professional discipline has its deepest institutional roots in banking, insurance, and financial services. The people in this category lead risk functions at major global financial institutions, shape the insurance and broking markets that absorb organisational risk exposures, and bring frameworks from financial risk into broader enterprise contexts. Their perspectives are shaped by regulatory pressure and capital discipline in ways that are instructive far beyond the financial sector.


15. Evgueni Ivantsov


Evgueni Ivantsov is Chairman of the European Risk Management Council, the coalition of risk management and compliance leaders he leads from London. He previously held senior risk roles at Lloyds Banking Group as Head of Portfolio Management and Strategy, and at HSBC as Head of Global Analytics and Head of Portfolio Risk for Europe. He is the author of Heads or Tails: Financial Disaster, Risk Management and Survival Strategy in the World of Extreme Risk.


Under his leadership, the ERMC has expanded from a UK and continental European network to include chapters in the Americas, Asia-Pacific, and as of February 2026, Australia, making it one of the few genuinely global risk leadership forums. His contributions to the Financial Times on systemic risk and crisis management, and his membership of the World Economic Forum's Advisory Group on Global Risks, give him a platform that reaches well beyond the banking sector. His 2026 moderation of a CRO panel at the Definitive Risk Conference in New York focused squarely on how risk functions can evolve into genuine centres of excellence.


16. Mark Kandborg


Mark Kandborg is Group Chief Risk Officer and Head of Group Risk at Nordea, the largest financial services group in the Nordic region and one of the biggest banks in Europe. He has worked at Nordea for more than 25 years in a series of senior roles including acting Chief Financial Officer, Head of Group Finance, and Head of Treasury and Asset and Liability Management before taking on the CRO role in April 2022.


He holds a master's degree in economics from the University of Copenhagen and carries the additional background of having served as a Captain in the Danish Army, a combination that brings structured decision-making under uncertainty into his professional risk perspective. He has spoken at RiskMinds International, one of the world's leading risk conferences for financial institutions, and his experience navigating the full range of financial, ESG, and operational risks inside a major pan-European bank makes him one of the most practically informed CRO voices currently active in the field.


17. Lucy Clarke


Lucy Clarke is President of Risk and Broking at WTW, one of the world's leading global advisory, broking, and solutions companies, a role she stepped into in July 2024 after more than 25 years in insurance and risk leadership at JLT Group and Marsh. At Marsh she was President of Marsh Specialty and Global Placement; at JLT she was CEO of JLT Global Specialty, the insurance and risk arm of the group. She is also a past President of the Insurance Institute of London.


Clarke keynoted RIMS RISKWORLD 2026 alongside Matthew Moore, speaking on the evolving landscape of risk management and its role in driving resilience, growth, and innovation. Her specific contribution to the risk conversation is her articulation of how broking strategy, specialisation, and client-side risk advisory are converging as companies face risks that do not fit neatly into existing insurance product categories. Her experience across specialty lines, including aviation, marine, and complex liability, gives her a genuinely broad picture of how risk is being transferred and retained in the current environment.


18. Nir Kossovsky


Nir Kossovsky is CEO of Steel City Re, a Pittsburgh-based firm specialising in parametric reputation risk insurance and advisory services, and author of Reputation, Stock Price, and You: Why the Market Rewards Some Companies and Punishes Others. He pioneered the development of indexed measures of reputational value and actuarially sound underwriting methods, holding more than a dozen patents in applied surface chemistry and medical sciences before bringing those analytical instincts to the measurement of intangible risk.


His contribution to risk management thought leadership is the argument that reputation risk is measurable, insurable, and manageable in ways that most corporate risk functions have not yet accepted. His regular contributions to publications including Risk and Insurance and CEOWORLD magazine, and his analysis of high-profile corporate reputation crises from Meta to Boeing, give him one of the most distinctive and consistently cited perspectives in the reputational risk space. Steel City Re now monitors approximately 7,800 entities globally and his work with Lloyd's of London syndicates has taken parametric reputation insurance into mainstream placement.


19. Rachelle Loyear


Rachelle Loyear is Vice President of Integrated Security Solutions at Allied Universal, one of the world's largest security and facility services providers, where she leads the company's Enterprise Security Risk Management approach to customer programme development. She is the author of three books, the most recent being Enterprise Security Risk Management (ESRM) in the Real World: A Field Guide for Security Leaders Who Get Things Done, published in May 2026.


Her contribution to the risk management field is the practical operationalisation of ESRM as a business-aligned discipline rather than a compliance-focused function. Her central framework is built around three questions: what needs to be protected, what it needs to be protected from, and how to protect it effectively and efficiently. That structure gives security leaders an approach that integrates with organisational strategy rather than sitting beside it. She holds certifications as a Master Business Continuity Planner from DRII and as a Certified Information Security Manager from ISACA.


20. Andrea Bonime-Blanc


Andrea Bonime-Blanc is CEO and Founder of GEC Risk Advisory, a global governance, risk, ESG, ethics, and cyber strategy firm, and the author of multiple books including Gloom to Boom: How Leaders Transform Risk into Resilience and Value and Governing Pandora: Leading in the Age of Generative AI and Exponential Technology, published by Georgetown University Press in early 2026. She received her joint JD in Law and PhD in Political Science from Columbia University and was raised in Germany and Spain, giving her a genuinely multilingual and multicultural analytical frame.


Named to the NACD Directorship 100 in 2022 and the Diligent Governance 100 in 2023, she serves on several boards and advisory bodies, including as Independent Ethics Advisor to the Financial Oversight and Management Board for Puerto Rico. Her LinkedIn posts in 2026 have focused heavily on the governance implications of AI and exponential technology, a topic she argues boards and C-suites are consistently underprepared for. Her framing of risk through the lens of ESGT (environmental, social, governance, and technology) has gained traction as a way of integrating risk categories that are usually managed in silos.


21. Matthew Moore


Matthew Moore is President of Liberty Mutual Global Risk Solutions, the commercial insurance division of Liberty Mutual, one of the world's largest global property and casualty insurers. He keynoted RIMS RISKWORLD 2026 alongside Lucy Clarke, sharing insights on the evolving landscape of risk management's role in driving resilience and competitive advantage for organisations navigating a period of extraordinary uncertainty.


His perspective, shaped by leading a large commercial insurance operation that prices and transfers risk across every industry and geography, gives him a data-informed view of how risk is actually materialising for corporations globally. The Liberty Mutual Global Risk Solutions business works with risk managers, brokers, and boards on some of the most complex risk transfer and risk engineering challenges in the market, and Moore's public statements on the intersection of insurance capacity, climate risk, and business resilience reflect the acute practical intelligence that comes from sitting at that intersection.


Category 4: Operational, Supply Chain and Quantitative Risk


Operational risk and supply chain risk have come to occupy an unexpectedly central place in executive thinking since 2020, when global supply chain disruption made abstract risk frameworks suddenly, viscerally concrete. The seven people in this category work at the intersection of systems thinking, quantitative methods, project risk, and the practical challenges of managing uncertainty across complex global operations.


22. Yossi Sheffi


Yossi Sheffi is Elisha Gray II Professor of Engineering Systems at MIT, Director of the MIT Center for Transportation and Logistics, and one of the world's leading authorities on supply chain risk and resilience. His book The Power of Resilience: How the Best Companies Manage the Unexpected is among the most cited works on organisational resilience in both academic and practitioner contexts. His 2023 book The Magic Conveyor Belt examines how AI and automation are transforming supply chain management at a structural level.


In March 2026, the Risk and Resilience Hub shared his article arguing that reliable access to electric power has become an emerging and systematically underestimated supply chain threat as data centres expand and energy grid pressures intensify. That kind of forward-looking operational analysis, identifying risks before they appear on standard risk registers, is precisely what makes Sheffi one of the most valuable supply chain voices for any risk leader watching the convergence of physical and digital infrastructure risks. He founded or co-founded five successful companies alongside his research career.


23. Doug Hubbard


Doug Hubbard is President of Hubbard Decision Research, which he founded in 1999 around the Applied Information Economics methodology, a quantitative decision analysis framework that he has since applied to IT investments, military logistics, entertainment media, and major policy decisions. His book How to Measure Anything: Finding the Value of Intangibles in Business is among the most influential methodological texts for risk practitioners who work with intangible or apparently immeasurable risk factors.


His co-authored book with Richard Seiersen, How to Measure Anything in Cybersecurity Risk, brought the AIE methodology directly to cyber risk quantification at a moment when the cybersecurity field was moving from qualitative red-amber-green risk matrices toward probabilistic models. His most recent LinkedIn activity in 2025 and 2026 focuses on the quantification of AI risk, an area where the gap between qualitative assessment and rigorous probabilistic analysis is particularly acute. His argument that risk matrices actively mislead decision-makers is well-supported by research and continues to gain traction.


24. David Hillson


David Hillson is The Risk Doctor, internationally recognised as one of the world's leading authorities on the theory and practice of risk management. Over a 35-year consulting career that took him to clients in more than 60 countries, he developed an approach to risk management that is simultaneously intellectually rigorous and practically accessible. He has received multiple awards for his contributions to the field, including recognition from the Project Management Institute, and his innovations have been adopted into mainstream risk management practice globally.


Since retiring from active consulting in 2020, Hillson has focused on making his lifetime's work available through books, papers, presentations, and videos. His most recent output includes frameworks for understanding risk appetite, risk culture, and the integration of risk management into leadership decision-making at the board level. His fifteen books include Practical Project Risk Management, Making Risky and Important Decisions (with Ruth Murray-Webster), and The Risk Management Handbook. His motto, "understand profoundly so you can explain simply," reflects a rare ability to make complex risk ideas genuinely usable.


25. Grant Purdy


Grant Purdy is the leading figure behind Australian risk management's unique and influential contribution to global standards development. As co-author of the 2004 version of AS/NZS 4360, the Australian and New Zealand risk management standard that became the intellectual precursor to ISO 31000, and as the nominated Australian expert on the working group that wrote ISO 31000 itself, Purdy played a direct role in creating the risk management standard that now governs practice in most countries. He chaired the Standards Australia and Standards New Zealand Joint Technical Committee on Risk Management for seven years.


Through Sufficient Certainty Pty Ltd and his co-authored book Deciding (with Roger Estall), Purdy has developed a provocative argument that the standard "risk management" construct has fundamentally failed because it cannot deliver effective decision-making. The book, and his prolific LinkedIn engagement, argues that the language of risk is itself a barrier to good decisions and that organisations should focus instead on achieving sufficient certainty about their objectives. Whether or not one agrees, the argument is serious, well-reasoned, and deserves engagement from anyone who cares about whether risk management actually works.


26. Diana Del Bel Belluz


Diana Del Bel Belluz is a Toronto-based risk management consultant whose workshops at RISK AWARENESS WEEK have made her one of the most recognised practical educators in the field. Her work focuses on the integration of risk management into organisational decision-making at both the strategic and operational level, drawing on her experience advising organisations across government, financial services, and the non-profit sector in Canada and internationally.


She has contributed original thinking on how risk professionals can build the internal relationships and communication skills needed to make risk conversations happen at the executive level, addressing a persistent gap between risk function expertise and organisational influence. Her LinkedIn engagement with the global practitioner community, particularly through RISK AWARENESS WEEK and her own writing, has built her a genuinely international following among working risk professionals who value substance over profile.


27. Dorothy Gjerdrum


Dorothy Gjerdrum is Executive Director of Arthur J. Gallagher's Risk Management Practice, one of the largest insurance brokerage and risk management firms in the world, and a past Chair of RIMS, the Risk and Insurance Management Society. She has more than 25 years of experience building enterprise risk management programmes across complex, multi-jurisdictional organisations including the State of Washington, where she served as Risk Manager.


Her contributions to the RIMS-CRMP credential development and her role in advancing the professional recognition of risk management as a distinct discipline have shaped how the field presents itself to boards and C-suites. Her perspective on public sector risk management, where political pressure, resource constraints, and accountability to citizens create genuinely different risk governance challenges than those faced by private sector organisations, fills a gap that most ERM frameworks do not address adequately.


28. Sheila Penrose


Sheila Penrose serves on the board of Caterpillar Inc. and has served on the boards of multiple S&P 500 companies, with a particular focus on risk oversight and audit committee governance. As a former Director of Risk Management and Internal Audit at Jones Lang LaSalle, she brings a deep practical understanding of how risk conversations should function at the board level, what information boards genuinely need, and where most executive risk reporting fails to provide it.


Her work on board-level risk governance reflects the growing recognition that risk management is ultimately a board responsibility rather than a management function, and that the quality of risk oversight at the board level varies enormously even among major public companies. Her experience on both sides of the board-management boundary gives her a perspective on enterprise risk that is harder to find than it should be in the public conversation about risk governance.


Category 5: ESG, Geopolitical and Systemic Risk


Environmental, social, and governance risk has moved from the periphery to the centre of corporate risk management in the past decade. Alongside ESG, geopolitical risk has re-emerged as a primary concern for boards and executives after years of being dismissed as background noise. The seven people in this category work at the intersection of these systemic risk dimensions, bringing frameworks for thinking about risks that are genuinely hard to quantify but impossible to ignore.


29. Michele Wucker


Michele Wucker is the author of The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore, a book that introduced the concept of the gray rhino, a highly probable, high-impact yet neglected threat, into mainstream risk and policy discourse. The concept has been adopted by the World Economic Forum, Chinese state policy documents, and risk frameworks across multiple industries as a counterpoint to the black swan framework's focus on the unexpected. Wucker is CEO of Gray Rhino & Company.


Her contribution to risk thinking is the uncomfortable observation that most major organisational and societal crises are not genuinely surprising. They are the product of deliberate or unconscious choices to ignore risks that are visible, well-documented, and explicitly discussed by someone before they materialise. That insight reframes risk management from a prediction problem to a decision-making and organisational culture problem. Her LinkedIn posts and speaking engagements in 2025 and 2026 have applied the gray rhino framework to AI governance, geopolitical trade risk, and climate transition.


30. Ian Bremmer


Ian Bremmer is Founder and President of Eurasia Group, the world's leading political risk research and consulting firm, and one of the most widely cited analysts of geopolitical risk in the world. His books The J Curve, The End of the Free Market, and Us vs. Them: The Failure of Globalism have placed him among the most accessible academic voices on the political dimensions of risk that corporate risk functions have historically underweighted. Eurasia Group's Top Risks annual report is among the most read risk documents in corporate boardrooms globally.


His contribution to enterprise risk management thinking is the sustained argument that political risk is not a peripheral or unpredictable add-on to standard risk frameworks but one of the most consequential and foreseeable risk categories facing multinational organisations. The rise of geopolitical fragmentation documented in the WEF's 2026 Global Risks Report reflects a risk environment that Bremmer has been describing and anticipating for more than a decade. His accessibility as a communicator makes complex geopolitical dynamics legible to executives who are not specialists in international relations.


31. Saadia Zahidi


Saadia Zahidi is Managing Director at the World Economic Forum, where she leads the work on the Global Risks Report, the most widely referenced annual assessment of systemic global risks used by governments, corporations, and multilateral institutions. The 2026 edition, which she oversaw, introduced the framing of an "age of competition" to describe a world in which the convergence of geopolitical confrontation, technology disruption, and environmental risk is creating a more fragmented and less predictable operating environment than at any point since the Cold War.


Her quote in the 2026 report, that "the future is not a single, fixed path but a range of decisions we make today as a global community," reflects her broader intellectual contribution to risk discourse: that systemic risks are not merely things that happen to organisations but patterns that emerge from collective decisions, which means they can be influenced as well as anticipated. Her leadership of the WEF's Centre for the New Economy and Society has positioned her as one of the most influential connectors between risk research and policy action.


32. Knut Haanaes


Knut Haanaes is Professor of Strategy at IMD Business School in Lausanne, Switzerland, and one of Europe's most respected voices on strategic risk and organisational resilience. His research examines how companies navigate deep uncertainty, including how they balance exploration of new opportunities against exploitation of existing advantages, a tension at the heart of organisational risk-taking. He is a former Senior Partner at Boston Consulting Group and BCG's Global Expert on Sustainability and Strategy.


His IMD executive education work and public writing on strategic risk have shaped how European boards think about managing uncertainty at the level of competitive strategy rather than just operational controls. His background bridging academic research and management consulting gives him a perspective on risk that is rare, one that has been tested against the reality of advising boards in complex, uncertain environments while also being refined through rigorous research.


33. Aarti Bhansali


Aarti Bhansali is Head of ESG and Sustainability Risk at Nasdaq, where she works on the integration of environmental, social, and governance risk factors into the risk frameworks that financial markets use to assess and price risk. Her background spans the regulatory, technical, and market infrastructure dimensions of ESG risk, making her one of the few people who can speak credibly across all three simultaneously.


Her work reflects the broader shift in risk management toward treating ESG factors not as a reporting exercise but as material risk inputs that should influence capital allocation, strategic planning, and board oversight decisions. The ongoing regulatory development of ESG disclosure requirements across multiple jurisdictions, including the SEC's expanded climate disclosure rules and the EU's CSRD framework, makes her expertise in how market infrastructure should process and transmit ESG risk information increasingly consequential for every organisation that accesses capital markets.


34. Nick Silitch


Nick Silitch is the former Group Chief Risk Officer at Prudential Financial, one of the largest financial services companies in the world, where he oversaw enterprise-wide risk management during a period of extraordinary market volatility and regulatory change. He has appeared in European Risk Management Council interviews discussing the governance challenges of AI adoption for financial risk functions and the evolution of the CRO role from a technical risk specialist to a strategic advisor to the board.


His contribution to the conversation about how large financial institutions manage the intersection of financial, operational, and systemic risk reflects decades of experience inside one of the most risk-sophisticated organisations in the industry. His public engagement through ERMC events and his participation in global risk leadership forums give him a visibility and influence that extends well beyond the financial services sector into the broader enterprise risk management conversation.


35. Gayle Smith


Gayle Smith is CEO of The ONE Campaign, the advocacy organisation co-founded by Bono and Bob Geldof focused on extreme poverty and disease, and a former administrator of USAID under President Obama. Her career at the intersection of development finance, humanitarian risk, and geopolitical risk management gives her a perspective on global systemic risk that is impossible to replicate from inside a corporate risk function. Her understanding of how risk materialises differently across political systems, development contexts, and humanitarian crises informs thinking that corporate risk leaders rarely access.


Her work on the relationship between poverty, climate vulnerability, and systemic risk reflects an understanding of risk interdependence that the private sector risk management community is only beginning to incorporate into its frameworks. The inclusion of a voice from the international development sector on a risk management list is deliberate: the most consequential risks organisations face in the coming decade, including food insecurity, population displacement, and the political fragmentation driven by inequality, are risks that the humanitarian sector has been managing, and learning from, for decades.


Category 6: Emerging Technology and Cyber Risk


No category in risk management has grown faster or generated more anxiety among boards and executives than technology risk, and specifically the convergence of cyber risk, AI governance, and digital operational resilience. The seven people in this category are building the frameworks, conducting the research, and doing the advisory work that helps organisations manage risk categories that are genuinely new, where the uncertainty is structural rather than just statistical.


36. Sara Rathner


Sara Rathner is Head of AI Risk and Governance at Mastercard, where she leads the development of the risk management frameworks that one of the world's largest payment networks applies to AI adoption, model risk, and algorithmic decision-making. Her role sits at the intersection of financial regulation, AI governance, and enterprise risk, making her one of the most practically positioned voices on what responsible AI risk management actually looks like inside a systemically important financial infrastructure provider.


Her contribution to the emerging field of AI risk governance reflects the practical challenge of building governance frameworks for technologies that evolve faster than any standard can track. The SEC's 2026 examination priorities, which have elevated AI-related operational risk to a primary regulatory concern alongside cybersecurity, make her expertise directly relevant to every organisation using AI for material decisions. Her work inside a major financial institution that is itself both a user and a facilitator of AI across millions of daily transactions gives her a scale of practical experience that academic or advisory-only voices cannot replicate.


37. Kayne McGladrey


Kayne McGladrey is a cybersecurity practitioner and Field CISO at Hyperproof, where he advises organisations on how to build governance structures that manage cyber risk as a business risk rather than a purely technical one. He is recognised by Thinkers360 as a top cybersecurity influencer and has built a substantial LinkedIn following through posts that consistently connect cybersecurity risk to the business and governance decisions that actually determine how well organisations manage it.


His core message, that cybersecurity risk governance requires speaking the languages of both business and technology, and that most cyber failures are governance failures before they are technical failures, resonates deeply with risk managers who are trying to translate cyber exposure into board-ready language. His contributions to policy discussions and his writing on how AI is changing the threat landscape make him one of the most accessible and practically useful voices in the cyber risk space for enterprise risk leaders who are not cybersecurity specialists themselves.


38. Gary Hayslip


Gary Hayslip is Chief Information Security Officer at Softbank Investment Advisers and a published author and speaker whose books on cybersecurity leadership, including CISO Desk Reference Guide (co-authored with Bill Bonney and Matt Stamper), have become standard references for security executives building enterprise risk management approaches to cyber. His experience spans military, government, and private sector CISO roles, giving him a perspective on cyber risk governance that is unusually broad.


His LinkedIn presence and public speaking focus on the evolution of the CISO role from a purely technical function to a risk leadership role with direct accountability to the board and CEO. He argues that the organisations that manage cyber risk most effectively are those that have made the CISO a genuine partner in enterprise risk governance rather than a technical specialist who reports up through IT. That argument has become more urgent as regulatory frameworks in the US, EU, and globally have made board-level accountability for cyber risk explicit and enforceable.


39. Christophe Dembik


Christophe Dembik is Senior Investment Advisor at Pictet Asset Management in Switzerland, where he analyses macro and geopolitical risk from the perspective of capital markets. His public commentary, which reaches audiences across European financial media and LinkedIn, focuses on how geopolitical risk, central bank policy, and structural economic uncertainty translate into portfolio and enterprise risk decisions.


His contribution to the risk management conversation is a macro-level perspective on how the risks documented in frameworks like the WEF Global Risks Report actually manifest in the financial and operational environment that organisations navigate daily. His regular analysis of European and global economic risk, including the implications of the geopolitical fragmentation documented in the 2026 WEF report, gives risk managers a current-market context that pure enterprise risk frameworks do not provide.


40. Monica Verma


Monica Verma is a cybersecurity thought leader, keynote speaker, and consultant based in Norway whose work focuses on the integration of cybersecurity, AI risk, and organisational leadership. She advises organisations across Europe on how to build risk-aware cultures around digital and cyber threats, and her LinkedIn posts on cyber risk governance, AI ethics, and the human dimensions of security consistently engage audiences far beyond the technical security community.


Her contribution to the risk field is the sustained argument that cybersecurity risk is ultimately a human and cultural challenge rather than a technical one, and that governance frameworks that focus solely on controls and compliance miss the fundamental driver of most security failures, which is human behaviour and organisational culture. Her work bringing leadership development thinking into the cybersecurity risk space reflects a convergence that the most sophisticated enterprise risk functions are now pursuing. As a representative of Nordic risk leadership and of women's voices in a field that remains disproportionately male, she fills a gap this list would otherwise have.


41. Richard Seiersen


Richard Seiersen is a data scientist, security leader, and co-author of How to Measure Anything in Cybersecurity Risk with Doug Hubbard, the book that brought rigorous probabilistic methods to cybersecurity risk quantification and challenged the industry to move past traffic-light risk matrices toward measurement approaches that are actually defensible. He is General Manager of Security at Resilience, a cyber risk insurance and security advisory firm.


His contribution to the cyber risk management conversation is his sustained argument, backed by Hubbard's Applied Information Economics methodology, that the standard industry approach to cybersecurity risk assessment is not merely imprecise but actively counterproductive because it creates a false sense of measurement rigour without the statistical validity that would make risk quantification useful for decision-making. His work with Resilience puts him at the intersection of cyber risk transfer and risk quantification in a way that is unique in the field.


42. Kelly Bissell


Kelly Bissell is Global Managing Director for Security at Accenture, where he leads the company's global cybersecurity practice serving clients across every industry. His annual contributions to the Accenture State of Cybersecurity Resilience report have consistently provided some of the most rigorously sampled data available on how organisations globally are managing cyber risk, where programmes are succeeding, and where they are failing despite significant investment.


His perspective on the convergence of cybersecurity risk and broader enterprise resilience reflects the view from inside one of the largest cybersecurity advisory practices in the world. His writing and speaking in 2025 and 2026 have focused heavily on AI-driven threat escalation and the challenge of building governance frameworks that can keep pace with attacker capability improvements that are themselves being accelerated by AI. His breadth of client exposure across regulated industries gives his analysis a cross-sector empirical foundation that single-company practitioners cannot match.


Category 7: Educators, Standards Architects and Next-Generation Voices


The people in this final category are doing the work of building the field itself, whether through education and professional development, through contribution to the standards and frameworks that shape global practice, or through the emerging voices that will define risk management's next decade. Some are well-established educators whose influence is felt in how thousands of practitioners think about their work. Others are newer voices whose original thinking is beginning to reshape conversations that have been too static for too long.


43. Carol Fox


Carol Fox is Vice President of Strategic Initiatives at RIMS, the Risk and Insurance Management Society, the leading professional association for risk managers in the United States and globally. She has been instrumental in developing RIMS' professional development programmes, including the RIMS-CRMP credential, and has contributed extensively to the body of knowledge that defines what a qualified risk manager is expected to know and be able to do.


Her work at RIMS has also focused on documenting and sharing best practices in risk management across diverse industry sectors, producing research and benchmarking studies that give individual risk practitioners a comparative picture of how their organisations' risk programmes stack up against the broader professional community. Her contributions to RIMS Risk Knowledge have been cited widely by practitioners and academics seeking to understand the state of the art in enterprise risk management practice.


44. Tony Merna


Tony Merna is a risk management educator, author, and independent consultant whose textbook Corporate Risk Management, co-authored with Faisal Al-Thani, is one of the most widely used academic texts in risk management courses at the graduate and executive education level globally. The book covers project risk, operational risk, financial risk, and strategic risk within a unified framework that gives students and practitioners a comprehensive map of how risk categories interrelate.


His contribution to the field is primarily educational in the best sense, providing future risk professionals with the conceptual vocabulary and analytical frameworks they need to engage with the full complexity of enterprise risk. His sustained focus on making risk management intellectually rigorous while keeping it practically usable reflects the challenge at the heart of good risk education, and his books have shaped the thinking of a generation of practitioners across the UK, Middle East, and Asia.


45. Rania Aziz


Rania Aziz is a risk management professional and LinkedIn voice whose posts on ERM implementation, risk culture, and the practical challenges of building risk programmes in organisations that are not yet risk-mature have built her a substantial following across the Middle East, Africa, and South Asia. Her work bridges the gap between the high-level frameworks produced by standard-setting bodies and the day-to-day reality of risk management in organisations that are building their risk capability for the first time.


Her contribution to the global risk management conversation is specifically the under-served perspective of risk practitioners in markets where ERM is still a relatively new discipline and where the standard frameworks, developed in the context of large Western financial institutions, do not always map cleanly onto local organisational realities, regulatory environments, and cultural norms around risk communication. Voices like hers are essential for a field that needs to be genuinely global rather than simply Anglo-American with translation.


46. Faisal Al-Thani


Faisal Al-Thani is a risk management author and educator who co-authored Corporate Risk Management with Tony Merna, making him one of the small number of non-Western academics to have produced a globally recognised ERM textbook. His work contributes a perspective on risk management that draws on both Western frameworks and the specific governance, regulatory, and cultural contexts of organisations in the Gulf region and broader Middle East.


His contribution to risk education reflects the importance of building a genuinely diverse intellectual community in risk management, one where frameworks developed in one context are tested against the reality of others. The risk challenges facing organisations in Gulf states, including navigating rapid economic diversification, managing state-owned enterprise governance, and building risk cultures in high-power-distance organisational contexts, require thinking that goes beyond what most Western ERM texts provide.


47. Brigitte Bouquot


Brigitte Bouquot is former President of AMRAE, the Association for Risk and Insurance Management in France, one of the largest national risk management associations in Europe, and a former Chief Risk Officer at Thales Group, a global technology and defence company. Her contribution to the European risk management landscape has been sustained and substantial, spanning practitioner leadership at a major industrial company, association leadership at a national level, and participation in international risk management standards development.


Her perspective on how risk management functions inside large technology and defence organisations, where risk categories span classified systems, international regulatory environments, export controls, and reputational risks that operate at a nation-state level, fills a gap in the standard risk management literature that tends to focus on financial services. Her public writing and speaking on the evolution of the CRO role in European industrial companies reflects both her practical experience and her engagement with the academic and standards communities.


48. Hanna Sarraf


Hanna Sarraf is Group Chief Risk Officer at BankMed, one of the leading financial institutions in Lebanon, and a voice the European Risk Management Council has featured in its discussions of risk management priorities across financial institutions in the Middle East and North Africa. Her work reflects the particular challenges of managing bank risk in an environment defined by political volatility, currency instability, and regulatory complexity that most Western risk frameworks were not designed to handle.


Her contribution to the global risk management conversation is the perspective of a practitioner who has managed genuine systemic risk in conditions of real institutional fragility, not the stylised fragility of scenario planning exercises. That kind of hard-won practical experience, managing a major financial institution's risk function through genuine crisis conditions, produces insights about the limits and possibilities of risk management that are difficult to derive from more stable contexts. Her participation in ERMC forums has brought that perspective to a global audience.


49. Terje Aven


Terje Aven is Professor of Risk Analysis and Risk Management at the University of Stavanger in Norway and one of the most cited academics in the field of risk science. His research on the foundations of risk assessment, risk perception, and risk governance has contributed original theoretical frameworks that underpin much of the academic literature on how organisations should think about and manage risk. He is editor of the journal Reliability Engineering and System Safety and has published more than 300 journal articles.


His book Foundations of Risk Analysis provides a rigorous treatment of what risk actually is as a concept, a question that practitioner frameworks often sidestep. His work on the relationship between objective risk measurement and subjective risk perception, and his contributions to the ISO 31000 standards revision process, make him one of the few people who has had real influence on both the academic foundations of risk science and the practical standards that practitioners use. His Nordic perspective on risk governance, which emphasises systemic thinking over compliance, is a valuable counterpoint to Anglo-American frameworks.


50. Caitlin Tolley


Caitlin Tolley is a risk management professional and LinkedIn voice whose posts on operational risk, risk culture, and the practical application of risk frameworks inside organisations have built a following among early and mid-career risk practitioners who find most public risk management discourse inaccessible or disconnected from their daily reality. Her contribution is the democratisation of risk thinking, making frameworks like ISO 31000, COSO, and ERM methodology legible to practitioners who are building risk programmes from the ground up without access to large professional development budgets.


Her accessible communication style and her genuine engagement with the professional community she writes for reflect a commitment to building the next generation of risk practitioners rather than just serving the already-established elite. In a field where most public intellectual activity is directed at CROs and boards, voices that are building the capability of the broader practitioner community are as important as the headline names.


Notable Voices We Almost Included


Several voices came very close to the list but were ultimately set aside for reasons of disciplinary or geographic overlap. The risk management space has deep wells of talent, and a list of 50 always involves difficult choices. The household names who appear on every conference programme in the risk space, including names familiar from the mainstream management literature, were deliberately set aside in favour of voices whose specific contribution to risk management is more direct and more primary. The goal was never to assemble the most famous people adjacent to the risk field but to surface the voices who are genuinely shaping it.


Common Mistakes to Avoid When Thinking About Risk Management


The most persistent mistake in organisational risk management is treating it as a compliance function rather than a decision-support function. When risk management exists primarily to produce documentation that satisfies regulators or auditors, rather than to help executives and boards make better decisions under uncertainty, it fails at its primary purpose. The people on this list have spent their careers arguing against this reduction of the discipline to paperwork. Their frameworks consistently insist that risk management earns its place only when it improves the quality of the decisions that actually matter.


A closely related error is confusing the risk register with the risk management programme. Risk registers are tools, not programmes. An organisation that has a comprehensive risk register but no genuine process for using that register to inform decisions, allocate resources, or change behaviour has invested in documentation without investing in capability. Tim Leech, Norman Marks, and Alex Sidorenko have each made versions of this argument independently, and the consistency of the critique across different practitioners from different countries and different frameworks suggests it reflects a genuinely widespread failure mode.


A third common mistake is under-investing in the cultural and communicative dimensions of risk. Risk culture, the set of shared values, beliefs, and norms that determine how an organisation actually talks about and responds to risk, is widely acknowledged as one of the most consequential variables in determining risk management outcomes. Yet it is also the dimension most frequently treated as a nice-to-have add-on rather than a core programme element. The work of building a culture where honest risk conversations can happen, where bad news surfaces early, and where accountability systems create the right incentives for risk-aware behaviour, is leadership work rather than risk function work, and it sits at the intersection of what the people on this list do and what Jonno White helps leadership teams build. For organisations wanting support on the leadership and cultural side of risk governance, email jonno@consultclarity.org.


Finally, the mistake of treating risk as exclusively negative continues to limit how organisations use their risk functions. The WEF's 2026 Global Risks Report explicitly frames uncertainty as producing both risks and opportunities. Nassim Taleb's antifragility concept, Grant Purdy's decision-making framework, and James Lam's work on balancing risk and return all argue that organisations that manage risk purely defensively miss the positive case for risk capability: the ability to take calculated risks faster and with more confidence than competitors who are either flying blind or paralysed by excessive caution.


How to Build a Risk-Aware Leadership Team


Building a risk-aware leadership team starts with giving the team a common language for talking about uncertainty. This does not require a full ERM programme from day one. It requires that the people at the top of the organisation share enough conceptual vocabulary to have genuine conversations about what they do and do not know, what they are and are not willing to risk, and how confident they are in their current plans under different scenarios.


The first practical step is to run a structured risk conversation, not a risk register exercise but a genuine facilitated discussion about the organisation's most important objectives and the uncertainties that most threaten or enable them. This conversation should surface divergent views. If everyone in the room agrees immediately, either the risks are genuinely well-understood or the culture does not yet support honest disagreement, and the facilitator's job is to find out which. Bring in the right frameworks from the outset. Nassim Taleb's barbell thinking, James Lam's risk-return framing, Michele Wucker's gray rhino concept, and the COSO ERM integration with strategy are all legitimate starting points depending on the organisation's context and maturity.


The second step is to connect risk conversations to decision calendars. Risk management that is not integrated into the moments when decisions are actually made (budget cycles, strategic planning, major investment approvals, and talent decisions) is risk management that does not get used. Mark Beasley's research consistently shows that organisations where risk oversight is integrated with strategy setting have materially higher ERM maturity than those where risk is assessed separately from strategy.


The third step is to invest in the risk culture, not just the risk process. This means making it safe to surface bad news, rewarding the team member who identifies an emerging risk early rather than the one who quietly closes it off, and building the accountability structures that make risk-aware behaviour the path of least resistance rather than the path of most courage. This is leadership work first and risk management work second.


For leadership teams that need support building the internal communication, accountability, and team dynamics that allow risk culture to actually function, Jonno White works globally with executive teams across corporates, schools, and nonprofits. His Working Genius facilitation helps teams understand how each member naturally contributes to six types of work, including the wonder and discernment dimensions that are directly relevant to how organisations surface and respond to risk. Email jonno@consultclarity.org. International travel is often far more affordable than clients expect.


Frequently Asked Questions


What is enterprise risk management and how does it differ from traditional risk management?


Enterprise risk management takes a holistic, organisation-wide view of all categories of risk (financial, operational, strategic, reputational, and compliance) and integrates risk oversight with strategy setting and performance management. Traditional risk management tends to operate in functional silos, with insurance covering property and liability, IT security covering cyber, and finance covering financial exposure. ERM links those silos through common governance, a unified risk appetite statement, and consistent reporting to the board. The COSO ERM Framework and ISO 31000 are the two most widely used reference standards for ERM globally.


How do organisations build a risk-aware culture?


A risk-aware culture develops when leaders consistently model risk-informed decision-making, when the organisation rewards early identification of emerging risks rather than penalising the messenger, and when accountability structures make risk-aware behaviour the natural default rather than an exceptional act of courage. Tone from the top is necessary but not sufficient. Middle management behaviour, which is where most risk-relevant decisions are actually made, matters as much as board-level statements. Building the leadership conversations and team dynamics that allow risk culture to take hold is leadership development work as much as it is risk management work.


Which risk management frameworks should organisations use?


The choice of framework depends on the organisation's industry, size, regulatory environment, and risk maturity. ISO 31000 is the most widely applicable international standard and works across all organisation types. COSO ERM is particularly well-suited to organisations in regulated industries and those that need to demonstrate integrated risk and strategy oversight to boards and audit committees. The OCEG GRC Capability Model is useful for organisations managing the governance, risk, and compliance convergence specifically. No framework substitutes for the organisation's own clear thinking about what risks actually matter to its objectives.


What skills does a modern Chief Risk Officer need?


The modern CRO needs the analytical capability to assess risk quantitatively and qualitatively, the communication skills to translate risk insight into executive and board language, the strategic perspective to connect risk management to the organisation's competitive position, and the leadership capability to build a risk-aware culture across the organisation rather than within the risk function alone. The CRO role has expanded significantly in the past decade, from a technical specialist to a strategic partner to the CEO and board. McKinsey's 2025 analysis of CRO talent pipelines identified communication, strategic influence, and AI literacy as the three fastest-growing capability gaps in the function.


How is AI changing risk management?


AI is changing risk management in two distinct and sometimes conflicting directions simultaneously. On the capability side, AI is enabling real-time risk monitoring, predictive modelling, and automated control testing that would have been computationally impossible a decade ago. On the governance side, AI introduces its own risk categories, including model risk, algorithmic bias, data governance failures, and the novel liability exposures documented in the SEC's 2026 examination priorities. The organisations managing this most effectively are those that are using AI to improve their risk monitoring while simultaneously building the governance frameworks that manage AI's own risk profile.


Final Thoughts


Risk management has never been more consequential than it is in 2026. The convergence of geopolitical fragmentation, AI-driven uncertainty, ecological risk, and digital infrastructure vulnerability is producing a risk landscape that no single framework or function can manage alone. The fifty people on this list have spent their careers building the tools, the frameworks, the vocabulary, and the professional community that organisations need to navigate that landscape intelligently.


What unites them, across all their differences in geography, methodology, sector, and intellectual tradition, is a shared commitment to the idea that organisations can and should be better at managing uncertainty than they currently are. Not through more documentation, more heat maps, or more compliance theatre, but through genuinely better decisions, made by people who understand what they do and do not know and who have built the culture and structures to act on that understanding.


The leadership conversations that determine whether risk management actually works inside an organisation, the conversations about performance, accountability, team dynamics, and what it actually means to lead under uncertainty, are the conversations Jonno White helps leadership teams build the capacity to have. Bring Jonno in to work with your executive team on the cultural and communicative foundations of genuine risk awareness. Email jonno@consultclarity.org. Whether face to face or virtual, international travel is often far more affordable than clients expect.


About the Author


Jonno White is a Certified Working Genius Facilitator, author of Step Up or Step Out, and leadership consultant who has worked with schools, corporates, and nonprofits around the world. His book Step Up or Step Out has sold over 10,000 copies globally, and his podcast The Leadership Conversations has featured 230+ episodes reaching listeners in 150+ countries. Jonno founded The 7 Questions Movement with 6,000+ participating leaders and achieved a 93.75% satisfaction rating for his Working Genius masterclass at the ASBA 2025 National Conference. Based in Brisbane, Australia, Jonno works globally and regularly travels for speaking and facilitation engagements. Organisations consistently find that international travel is far more affordable than expected.


To book Jonno for your next keynote, workshop, or facilitation session, email jonno@consultclarity.org.


Sources


World Economic Forum (2026). Global Risks Report 2026. World Economic Forum, Geneva.


Protiviti (2026). Executive Perspectives on Top Risks 2026. Protiviti.


Allied Universal (2026). World Security Report 2025. Allied Universal.


Next Read


Crisis and risk management share many of the same foundational challenges. If you found this list useful, the companion directory of thought leaders in crisis management covers fifty of the most important voices in how organisations prepare for, respond to, and recover from crises at the intersection of risk and operational resilience.

