You know the saying, “Jack of all trades, master of none”? It refers to an individual possessing a wide scope of skills but who fails to “go deep” in any of them.
In InfoSec Compliance, we have an ever so slightly different saying: “Jack of all trades, and you better be master of all, if you want to keep your job.”
Did you catch the subtle difference there?
It’s clear that a Compliance leader, whether a manager, director, or team lead, needs to have impeccable technical skills. But perhaps contrary to popular belief, a Compliance leader, regardless of official title, has to have far more than just technical expertise. This is a complex role that balances multiple skills, both soft and hard, along with capabilities and approaches.
Suffice it to say, if you prefer to be a “master of none”, this might not be your dream job.
But for argument's sake, let’s assume you do crave challenges, you love pushing your abilities, and you want to totally rock your role as a Compliance leader; what are the key leadership soft skills you need to have in your arsenal?
In my 20 years in the field, I've seen a lot of different types heading up Compliance teams, but being a manager/director/team lead did not necessarily mean that they were successful in their role. In this post, I’ll take you through the most important soft skills needed to be a successful Compliance leader, one who inspires those around them and, more importantly, someone who changes the reputation of Compliance from a source of frustration to a source of company growth and maturity from the inside out.
Compliance leaders have a complex job, wherein multiple personalities, business silos, and technical concerns must be skillfully managed, consistently and constantly. And a major part of their responsibility is to show every person in the business how the total Compliance picture works, where they fit into it, and why they are important to maintaining a compliant business structure.
Having well-developed communication skills ensures that leaders can guide each and every department and understand their pain points to reduce frustration without compromising the company. A strong Compliance leader creates an atmosphere that sees Compliance as an enabler, constantly driving the business forward.
In the fast-moving Compliance ecosystem of evolving regulations, contractual obligations, and security threats, constant change is one of the only certainties. The result is that Compliance is not a place where a stuck-in-the-mud, “but I have always done it this way” attitude will thrive.
Thus, cultivating a continuous-learning mindset is critical. As essential players within the business, leaders are expected to stay on top of industry changes, security updates, Compliance updates, and so much more—and they must be capable of taking all these changes and applying them to the business. A true leader keeps pace with the rate of market and innovation changes and is open to exploring new tools and methodologies that can help them do their jobs better than before.
It’s not enough to be a team player who listens and pays attention. This role requires motivating people across various levels of the organization, inspiring them to view Compliance as a business driver, and encouraging them to respect how this impacts the overall business.
Very often, this role requires buy-in from people who are more senior and who thus may need quite a bit of persuasion to understand the value of security, the importance of Compliance, and/or the need to follow tight restrictions and guidelines. The successful leader can motivate and inspire even people who don't typically answer to them.
In InfoSec Compliance, details matter. Even small oversights can wind up costing big bucks. This requires examining every fine detail, unpacking every overlooked issue, and finding every forgotten crevice within the security and Compliance strategy to prevent being caught off-guard by the unexpected.
This means rolling up those proverbial sleeves and plumbing the depths of everything—from how controls are structured, to understanding potential gaps within policies, to understanding the unique nuances of each implemented framework, and everything in between.
To be successful in this role, leaders need to speak the various languages of marketing, R&D, product development, IT, engineering, and business. Every silo and department has its own pain points and pressures—and often, they only understand Compliance within their own context.
Just as a chameleon blends seamlessly into its background, an adept Compliance leader changes tone and message on demand, ensuring that Compliance is communicated in the right language. With this ability, security and Compliance can be applied within their silo, and translated to other areas of the business as well. A successful leader deftly demonstrates how Compliance is relevant within the world of other departments and how this affects the rest of the business, while giving them the tools to manage their responsibilities effectively.
They say that perfection is the enemy of progress, and this is often the case in Compliance, where waiting for perfection may be tempting but can be equally dangerous. A successful leader knows when to hold their cards and wait for a more optimal situation, and they also know when it’s okay to make a fast, though perhaps less “perfect”, move. This skill can be especially relevant when it comes to deciding which controls to implement over others, how to deal with swiftly-evolving industry requirements, and managing siloed departments.
The role of a successful Compliance leader requires a self-empowered and agile mindset, with a focus on continuous growth and learning, whether through knowledge, or tools, or delegation. It’s about being quick to respond, open to engagement, and committed to putting Compliance at the heart of the business.