Corporate Compliance Insights
3 Keys to Successful GRC Programs

by Corporate Compliance Insights
March 15, 2018
in Featured, Leadership and Career

Q&A with Brad Bussie, Principal Security Strategist at Trace3

Today we feature an interview between Maurice Gilbert, CCI’s CEO, Founder and Publisher, and Brad Bussie, Principal Security Strategist at Trace3, a provider of IT solutions and consultation services. The company’s thriving security practice helps companies review and manage internal policies and protocols to develop an integrated approach to data security and compliance in a way that supports growth. Brad helps global businesses meet changing regulatory and security compliance standards to mitigate risk and avoid security threats.

Maurice Gilbert: How did you get started on a career in compliance?

Brad Bussie: I decided early on in schooling that a life in information security was for me. There is something about the structure compliance brings that resonates with me. I was fortunate enough to get my start in compliance by working for a military contractor. I am sure you can imagine the level of compliance that exists for the Department of Defense.

MG: Who helped shape your views?

BB: I am lucky enough to have a father that started his own technology company after serving in the Navy. He has been, and continues to be, the one who helps shape my views. I have found over the years that he has a unique way of looking at things and weighing both sides of a problem. His views have helped me better understand problems, challenges and solutions.

MG: How do you stay current on ethics and compliance issues?

BB: I read over 60 books a year on a variety of subjects. I am what you would call a lifelong learner. I also belong to several professional organizations that focus on cybersecurity, risk and compliance. Industry publications are also a staple of mine as well as researching and understanding compliance frameworks that any number of my customers are currently leveraging.

MG: What are some of the significant issues facing CCOs, Risk Managers, etc.?

BB: Organizational speed, scale and complexity are significant issues facing CCOs and Risk Managers. I find three key things are needed for successful compliance and risk programs: the right people, process and technology. Qualified people are becoming scarcer in security disciplines. Because of this, process and technology need to be well designed and utilized to survive the rigors of risk and compliance.

MG: What do you believe is the optimal reporting structure for the CCO and why?

BB: A CCO, much like a CISO, must have what I call “juice.” Reporting structure is important only partially; what is really needed is charisma. Most business leaders don’t understand why compliance is necessary and feel like compliance is being done to them specifically as opposed to as an organizational mandate. This misconception leads to resistance and only partial compliance. The CCO needs to report to the right individual within the organization to be recognized as having the power to get things done. I often see a CCO reporting into a board-sitting CISO, legal officer or CRO.

MG: How do you effect change within your clients’ environments?

BB: Consulting has given me a great platform to effect change within client environments. Organizations seek out consultants to help them solve specific challenges. I am honored to bring my industry experience and skillset to each client individually. At the end of the day, I am a problem solver. The secret sauce to being effective in an environment is understanding the problem, identifying what is causing the problem, developing a plan of action and executing the plan to solve the problem.

MG: How do you see the CCO role evolving within the next three years?

BB: The CCO role is going to become more important in organizations over the next three years. They may not always be called “Chief Compliance Officer,” but the need will be there. I see the CCO taking a more proactive role in making sure that vulnerability management and auditing are part of the overall compliance framework. Ultimately, the CCO will make sure that policies and procedures are being followed using advanced analytic tools that examine the business in an automated fashion.

MG: What do you see as the greatest business risks facing companies today?

BB: Cyberattacks are one of the biggest risks facing companies today. Due to the insidious nature of cyberattacks and the broad target area, companies need to take them seriously. Attacks have traditionally occurred at the perimeter, but we are now seeing most of them coming from malicious insiders. An innocent tap on the wrong email or a forgotten patch on a web server are all that stand between you and the front page of the news. The damage that cyberattacks are having on intangible things like company image and brand presence cannot be ignored.

MG: What do you see as the greatest regulatory risks facing companies today?

BB: The greatest regulatory risks facing companies today are exceptions. I have been in a number of organizations over the years that attempt to follow compliance and regulatory mandates to the letter – until something breaks. Systems or processes that are core to the business suddenly fall over because of a change. Homegrown software platforms generally do not consume compliance as readily as COTS software. What happens next is where the root of the problem lies; exceptions are made for the regulation, there is ample documentation as to why the exceptions are made and we move on. Welcome to your next exploited vulnerability.

MG: How might Chief Compliance Officers, Chief Audit Officers and Chief Risk Officers prepare to face these risks?

BB: The best way to face the risks is to justify the time, talent and treasure needed to update existing processes and systems to comply vs. documentation. Regulatory requirements, while often difficult, exist to make organizations safer.

MG: How does your company help its clients mitigate risk?

BB: We help customers mitigate risk by first identifying what the risks to the business are. An understanding of the risks allows the team to decide how to prioritize the acceptance, control and monitoring of the risks. We develop life cycle mitigation plans that are unique to each client.

MG: What new service offerings do you have in the queue?

BB: Our company is laser focused on transformative information technology, innovation and elite engineering. This focus enables us to rapidly bring to market new service offerings in infrastructure, cloud, security and data intelligence. Look to us for end-to-end multidisciplined service offerings.

MG: Compliance departments are often asked to accomplish their work with limited resources… do you see this situation changing any time soon?

BB: I don’t see the limited resources problems facing compliance departments changing anytime soon. If anything, I see the problem getting worse. The only real hope we have is to embrace automation and machine learning to do more with less.

 

Brad Bussie is the Principal Security Strategist at Trace3. He is an award-winning 15-year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence and DoD customers solve complex security issues.

