Make work visible
Risks, decisions, assumptions and dependencies are made explicit early and often. Simple, honest views beat complex dashboards that don’t change behaviour.
My approach sits between PMO discipline, GRC structure and product thinking. The aim is to make AI and data work ambitious, but never out of control.
DPIAs, data maps and policies only matter if they show up in user stories, ACs and DoD. I push GRC work into the same backlog engineers and QA live in.
For AI and data systems, explanations matter. Decisions are captured in a way leadership, auditors and regulators can follow six months later.
Tools and policies don’t run programs. I look for where human judgment is essential and make sure those people are present and empowered.
Regulations, risk appetite and internal policies are design boundaries. Inside those, teams can still move quickly — as long as they know the edges.
Incidents, near-misses and successes all feed back into governance. The operating model is updated based on what actually happened, not what was assumed.