Day in the life of
Compliance and Risk Analyst – Matt Donahue
A typical day for me involves a fair amount of review because compliance standards are constantly evolving and expanding. I have to ensure that our systems, employees, and clients are meeting the compliance standards required by our contracts. I also work on the requirements for potential upcoming contracts. Some of my key responsibilities are researching industry compliance and regulations, communicating changes to the proper channels, ensuring appropriate training is in place, applying for compliance certifications, and updating existing policies to fit new compliance standards. Essentially, I have to learn and then help educate others.
For the risk analyst side of my job, I have to be aware of the potential IT vulnerabilities and cyberthreats that face our business and clients. Within this role, communication is essential. If there is a new threat or vulnerability, I have to communicate with the organization to ensure they are prepared and determine if they experienced any suspicious activity. Hackers will target all employees, so it’s essential to communicate effectively with everyone.
Compliance standards are everchanging and it keeps my job interesting. Cybersecurity is such a diverse industry that there is always something new to learn. I can always find something to be passionate about in risk analysis and compliance. I find it interesting to see how the rules and regulations have changed to address ever-evolving threats, as well as how new developments in technology will continue to change them.
One con to working in cybersecurity is that it can make or break a business, putting a lot of pressure on security professionals to always perform our best and stay ahead of the curve. It can be frustrating to have to constantly keep up with industry standards, but ultimately, it’s an important part of maintaining security. You never want to let a client or your company down. There’s also only so much you can do because a major component of strong enterprise security comes down to educated, motivated employees. Our work is a critical part of protecting organizations, but it can be frustrating to see employees who are lax with security and put company data at risk. Not everyone is as passionate about compliance standards as I am. Many people, both clients and employees are frustrated when they have to learn a new compliance standard—especially when they feel like they just learned a new one last week. Fortunately, proper cybersecurity awareness and education for employees can make a major difference!