The compliance manager is a critical role in any organization that has a security and compliance program in place. The success of your annual compliance assessments — and the success of your cybersecurity protection — depends on having the right person in place to steer the ship and direct the staff.
Any time that you add a new compliance certification to your organization, it requires a skilled veteran who knows how to get up and running quickly and effectively. Otherwise, you risk all kinds of delays, confusion, and chaos. If a big contract with a new customer depends on that certification, an underskilled compliance manager could put that contract at risk.
Need to be sure your company has an effective compliance manager in place to help you stay protected and running efficiently? Look for these critical skills and qualities.
Breadth of Experience
One of the most important essentials of a successful compliance manager is having breadth and depth of experience. Look for individuals who have managed a number of different compliance standards. Having the breadth of standards like PCI, ISO, SOC, HIPAA, and NIST under their belt means they’ve been exposed to a whole gamut of scenarios and challenges, and they’ve been battle tested.
It’s ideal if they have been doing work against a compliance standard that has a broad footprint on the organization. ISO, SOC, and PCI engagements potentially have a scope that covers the breadth of the entire organization and not a limited set of departments. That type of experience will go a long way toward equipping someone with the depth of skills that the most effective compliance managers have.
Also look for an exposure to compliance engagements at a number of organizations. No two companies are alike, and the more organizations a compliance manager has been exposed to, the more expertise they’ll bring to the table.
Exceptional Organization
Most compliance engagements have a lot of chaos, and the compliance manager can often feel like they’re trying to keep 250 plates spinning. It takes a skilled individual to effectively handle all of the moving parts, complexities, and personalities.
Your compliance manager must be able to bring order out of chaos. One of the greatest threats to a successful annual assessment is a disorganized compliance engagement. If your compliance manager can’t keep your company’s act together, you could find that your Assessor doesn’t sign off on the reports.
Being able to effectively manage the complexity of your compliance engagement is critical.
There’s also the ability to multitask. Your compliance manager should be able to handle high volumes of elements coming at them that need to be processed. Questions come at them from every direction, and they’ll need to be able to give their attention to those issues without dropping the ball on their regular responsibilities or any of the plates they already have spinning.
Communication Skills
Compliance managers are continually dealing with people at all levels of technical capability — everybody from C-level executives to legal to HR to technology vendors to various gearheads doing everything from vulnerability management patching to server administration.
Interaction is continuous between compliance managers and various members of the team, working with everyone from the least technical people to the most technical people in the organization. They need to be able to effectively adjust their communication styles fluidly based on their audience.
It’s a rare skill to be able to adjust along the whole spectrum, but it’s an essential one for an effective compliance manager to master.
On top of that, a compliance manager will find that their patience is tested on a daily basis. They deal with all sorts of frustrations — technical, process, and personnel related. For example:
- Some personnel won’t do what they’re assigned to do.
- Others will ask the same question several times.
- Delays will happen that could have been avoided.
- Interruptions will constantly divert attention from compliance work.
Through it all, the compliance manager needs to keep their cool and be an effective communicator.
Tone of communication is important. You’ll generally see two kinds of compliance managers. One is the softie who just tries to get everybody to go in the right direction, and they’re sweet as pie the whole time. They’re going to be pleasant all the way through so everyone can feel good about their work.
Then there’s the drill sergeant. They don’t give two figs about being friendly; they have a job to do and they’re going to make sure it gets done right and done on time — come hell or high water.
For many compliance managers, the skill they need to develop most is the ability to move dynamically (as necessary) from pleasant to drill sergeant. Nobody wants to be dealing with somebody who’s pounding their fist on the table right out of the gate, but there are times when some pounding is necessary.
A successful compliance manager will be cooperative and pleasant by default, but willing and able to turn the screws when necessary. Because at the end of the day, they’re going to be judged on whether or not the work got done, with the right results.
Access to the Right Technology
You can hire the world’s greatest compliance manager, but they won’t be able to do everything themselves (or they’ll implode trying). If you have manual systems in place for managing their work, they’ll be a lot less effective than if they have the right technology to automate the utter wastes of time on their engagement.
Too many compliance managers are stuck using Excel spreadsheets, forcing them to spend countless hours updating status and tracking individual pieces of evidence by hand. It’s the worst waste of time you can foist upon them.
There are tens of thousands of interaction points on a typical engagement workflow. Why track them all manually, when it can be done automatically in real time?
Do your compliance manager a favor and boost their effectiveness by adopting an automated compliance management solution like TCT Portal. You could make your compliance engagement 65 percent more efficient as a result.
What a Compliance Manager DOESN’T Need
One thing that tends to be a common misconception is the idea that the best compliance managers have certain technical certifications, like a CISSP. Nothing against the CISSPs of the world, but simply having your CISSP does not automagically make for a good compliance manager.
Often those types of certifications are generic in their nature, and the value they add is minimal at best. Just because someone has a piece of paper, that doesn’t mean they can now go and manage compliance, running a complex engagement and supervising teams of personnel.
I’d rather have somebody with three years of real world experience than have someone who only carries a CISSP certification. A piece of paper isn’t going to prepare anyone for real world compliance management.
The Right Compliance Manager Makes a Huge Difference
As the human glue who holds your compliance program together, the compliance manager is a vital part of your organization’s security stance. I can’t overstate how important it is to find someone with the right skills and capabilities to lead the charge. We’ve seen plenty of companies that hired or promoted the wrong person, and it creates a disruptive mess that affects the rest of the organization.
TCT personnel have been deep in the compliance industry for decades. If you need help finding an effective compliance manager, note that TCT regularly helps organizations run their compliance engagements through our fractional compliance consulting solutions while optimizing the use of their internal resources. We’re here to make compliance management suck less, and that isn’t limited to our software solution.