What is a compliance manager?
Corporate compliance programs exist to steer an organization’s employees toward certain standards of conduct, as dictated by laws, regulations, and company policies. Compliance managers are the ones in charge of making those programs work.
At a practical, day-to-day level, the responsibilities of a compliance manager include maintaining a company’s legal and ethical integrity through policy planning, enforcement, and addressing compliance issues as they arise.
Your compliance manager (also commonly called a compliance officer) works to assure that your organization remains within the strict boundaries of regulatory requirements and meets all official standards that govern your business.
What does a compliance manager do?
Modern models of governance, risk, and compliance blend compliance with regulations and risk management into one larger whole. That is, good risk management acts as a foundation for any compliance management program.
So before determining an organization’s control landscape, your corporate compliance officer needs to identify (working in conjunction with the rest of the management team and the board of directors) the risks facing all data storage systems and your organization’s tolerance for risk.
For example, information stored on a single, unconnected corporate desktop may present a lower risk than data stored on an employee’s personal computing device. Therefore, the controls in your security compliance policy would vary based on the security risks each of those scenarios pose.
The compliance manager’s job is to assess and understand all such risks—including the risk of failing to meet regulatory compliance obligations—and then develop policies, procedures, and internal controls to keep risk at tolerable levels.
What qualifications do you need to be a compliance manager?
Most compliance managers have a college degree, usually in a business field such as accounting, IT systems, security, or management. Many schools also offer master’s level courses or continuing education programs in corporate compliance. A significant portion of corporate compliance managers have a law degree and work as corporate lawyers before moving into compliance specifically; others might work in corporate auditing or IT security before shifting into the field.
Numerous trade associations, such as ISACA and the Institute of Internal Auditors, offer professional development courses and certification programs. Many mid-career professionals work their way through such programs and then try entering the compliance field.
The Bureau of Labor Statistics reports that the average salary for a compliance manager is $106,896 per year.
Are there specific compliance manager types for certain frameworks?
Compliance comes in several forms. Compliance managers, therefore, need to be well-versed in the multiple languages of compliance.
Today’s regulatory standards require understanding the often overlapping laws governing an organization. As such, compliance managers need to know how to implement a variety of controls to ensure compliance is maintained at all times.
This may include standards such as the Health Insurance Portability and Accessibility Act (HIPAA) to govern personal health information; or the Sarbanes-Oxley Act of 2002 (SOX) to govern the reliability of corporate financial reporting.
Despite focusing on different information, both HIPAA and SOX are government regulations that standardize controls in the IT landscape. Thus, compliance managers need to navigate the similarities and differences in each.
Unlike government regulation, industry standards don’t always invoke penalties for compliance failures. Still, businesses that want to remain competitive must meet whatever best practices these standards dictate.
For example, compliance officers in the insurance industry are responsible for protecting the data that insurance companies collect to set premiums, collect payments, and pay claims. (For those particularly in health insurance, that includes HIPAA compliance since the data pertains to personal health information.)
The credit card industry, meanwhile, has the Payment Card Industry Data Security Standard (PCI DSS) to protect credit card data during payments and claims processing.
Once compliance professionals determine the appropriate government regulations and industry standards for your business, they need to create a compliance program that incorporates ongoing governance, risk, and compliance.
For example, to achieve PCI compliance, the compliance manager would need to determine whether the organization’s endpoint encryption and information segregation match the compliance policies (approved by the board, of course!) that act as your internal standards for corporate compliance.
How does a compliance management system simplify risk management strategies?
Once upon a time, your organization’s compliance management solution may have been spreadsheets. With only a few standards to follow, this made tracking daily activities cost-effective.
But over time, scaling your business requires an ability to track multiple standards and regulations within your corporate policies and procedures. Spreadsheets become unwieldy. The time your security compliance manager spends engaging in spreadsheet review costs you money.
With ZenGRC’s compliance management software, you can share information among stakeholders to improve decision-making and set the appropriate role-based privileges to keep your controls accessible, yet safe from tampering.
With the varied duties involved in a compliance manager job description, ZenGRC can enable him/her to focus on compliance, rather than tedious tasks like gathering information for audits.
Moreover, with ZenGRC’s built-in mapping capabilities, your compliance director can more easily employ gap analysis to determine the additional compliance activities needed to support your company’s growth. ZenGRC acts as a single source of truth streamlining the audit process.
For more information on how ZenGRC can support your compliance program efficiency, request a demo today.