What is a Compliance Manager and What do They do?

by Pranav Ramesh
December 28, 2020
What does a compliance manager do?

The demand for Compliance Managers has grown drastically over the last few years and it will only continue to accelerate. In fact, it is expected to increase by 22.64% over the coming years. This is predominantly due to two factors—the companies’ reliance on technology and the ever-growing danger of malware and data breaches that threaten every industry. For legal, ethical, and business reasons, compliance managers are critically important. But what do they actually do?

Topics Covered:

  • What is a Compliance Manager?
  • What Does a Compliance Manager do?
  • What’s on a Compliance Manager job description?
  • Are IT Security Compliance Managers different?
  • A Typical Compliance Manager Job Description

What is a Compliance Manager?

A Compliance Manager is the person responsible for creating and maintaining the ethical and legal standards of an organization. This is done through both self-imposed rules created by the organization as well as regulations they are legally responsible to abide by. Compliance managers have to stay informed on changing norms and laws that could affect their business. They must be able to communicate these changes quickly and effectively to upper management, typically a Compliance Director, and make recommendations regarding how the organization should respond.

What Does a Compliance Manager Do?

What a Compliance Manager does will differ depending on both the organization and the sector. Most organizations have their own set of ethics, rules, and best practices they use to ensure the reputation of their brand is upheld. These are typically found in employee handbooks, codes of conduct, and even mission statements. The Compliance Manager is responsible for regularly reviewing these documents, reporting any recommended changes to upper management, and holding accountable those who were responsible if a breach occurred. Similarly, different sectors will have rules, typically in the form of laws and regulations, that must be upheld. For example, anyone in the healthcare sector will be very familiar with HIPAA. Some common IT governance and regulatory compliance requirements include GDPR (EU), GLBA, PIPEDA, and CCPA. A Compliance Manager would be responsible for ensuring everyone in the organization abides by those rules, holding accountable those who do not, and adjusting the business where needed to become compliant again. A Compliance Manager’s role may also differ depending on what stage of compliance the organization is currently in.

Stages of Compliance

  • The Present: This includes everything that needs to be done in order to become compliant. It includes learning and understanding the laws and regulations, analyzing the organization’s current processes, finding areas where the organization could be at risk, and creating the changes needed to become compliant.
  • The Future: This includes everything that must continue to be done, in the future, to remain compliant. Organizations that become compliant, but don’t plan for the future, often find themselves at risk not too far down the road. This includes things like training current and future employees, developing processes to stay up to date with changes, developing rules and penalties for failing to remain compliant, and automating such tasks.
  • The Past: Once an organization has become compliant, and has a plan in place to remain so, it must be able to demonstrate it. Both internal and external auditors will be looking for proof both now and in the future. Proper documentation and record-keeping are necessary to provide the proof when it’s mos