The Good, the Bad, and the Ugly
Murray Pearce
Threat-Informed Defence Strategy | Mental Fitness in Security | Managing director & Co-founder
How to Be a Good Compliance Leader in the Age of Threat-Informed Defence
Compliance is essential for any organisation that wants to operate legally and ethically. It is the responsibility of compliance leaders to ensure that their organisations comply with all applicable laws and regulations. However, not all compliance leaders are created equal. There are good compliance leaders, bad compliance leaders, and everything in between.
The Good
Good compliance leaders are proactive and take ownership of the entire compliance process. They set clear expectations, make sure everyone on the team understands their role, and foster a sense of accountability. They also see the bigger picture and understand the importance of compliance for the long-term success of the organisation.
Good compliance leaders are also good communicators who can explain complex compliance concepts in plain language. They are also able to build relationships with key stakeholders and get buy-in for compliance initiatives.
In the age of threat-informed defence, good compliance leaders also understand the importance of cybersecurity. They work with the security team to identify the organisation's most critical assets and determine the threats that those assets face.
They help to develop and implement security controls that are tailored to the specific threats that the organisation faces. They communicate the threat landscape to the organisation and ensure that everyone is aware of the risks. They monitor and evaluate the effectiveness of security controls to ensure that they are effective in mitigating threats.
The Bad
Bad compliance leaders are reactive and make excuses. They blame others for problems, and they are not willing to take responsibility for their own actions. They also dwell on the past and what could have been done differently, instead of focusing on the future and how to improve.
Bad compliance leaders also think in terms of the next audit and focus on tasks and evidence, rather than on the overall risk picture. They are more concerned with checking boxes than with actually understanding and mitigating risk.
Bad compliance leaders also talk about compliance in technical terms that most people don't understand. They make compliance seem like a complex and daunting task, and they don't do enough to engage and motivate others to take ownership of compliance.
The Ugly
The ugly compliance leaders are the ones who actively harm their organisations.
领英推荐
They may knowingly violate laws and regulations, or they may turn a blind eye to non-compliance. They may also use their position to enrich themselves or their friends. Ugly compliance leaders can be a danger to any organisation.?
How to Be a Good Compliance Leader
If you want to be a good compliance leader, there are a few things you can do:
If you can do these things, you will be well on your way to becoming a good compliance leader in the age of threat-informed defence.
Inspired by the recent work of anecdotes
_______________________________________________
Enjoy reading this edition?
Consider subscribing to the Bright Insights Newsletter for weekly cybersecurity updates and insights:?
Business Development and Sales Leader | Relationship Leader | Board Advisor | Entrepreneur | NED
1 年Great article Murray. Keep them coming.
Entrepreneur, Founder & Business Strategist 9 X Founder & CEO with 7-9 figure Exits Investor & Advisor Acquisitions, Scale-up & Exits Impact, Tech, AI, Health-tech & Property
1 年I'm sure you have no ugly compliance leaders reading this. They're definitely in the minority.