Creating Information Technology Governance at a Large Corporation

The IT Compliance Governance project will take all known, in-scope laws and regulations identified worldwide, create unified requirements from them, and onboard teams to those requirements.

By making these unified requirements available in a single location, people will know where to go to understand the requirements, and the project team will have a database to track ownership and processes. The long-term goal will be to evaluate against the known requirements, making risk measurable as well as ensuring alignment to strategic goals and increasing visibility of risk to senior leadership. The end goal is to increase security- and compliance-related behaviors across IT by ensuring teams understand the reasoning behind the various obligations and how implementing those can aid in increasing revenue.

I will leverage a majority of the learnings I gained throughout the Organizational Leadership program. One of the greatest takeaways is the need for community. This program cannot be successful if created and done in a vacuum. The teams and I will need to work collectively, across organizations, skillsets, and technologies, for this program to not simply get off the ground but operationalize. I will need to build community by being authentic and vulnerable. Success will be difficult, and I will stumble along the way, but I will learn and persevere.

“align the employees to the goals, but also to engage them in creating a plan on how to reach them. Engage and align effectively and you create a far greater chance of success.”

Christopher Crosby

Building IT Compliance Governance

  • My company is a multi-national retailer with hundreds of stores worldwide. It has a large Information Technology (IT) presence, and as the company continues to expand technologically to meet increased market demands, it collects and stores more member and employee data. My company has been around for several decades and has a strong business model, which is leading to increasing sales worldwide. Each country has its own laws and regulations regarding data handling and cybersecurity, and it is not efficient to manage each locale to a different standard. IT needs a way to ingest and operate against disparate and varying regulations.

    The IT Compliance Governance project will strive to deliver increased awareness of the varying and distributed regulatory requirements by offering a single source of truth unifying all known laws and regulations. The project will result in a reduction of risk by evangelizing requirements and industry best practice to drive clarity, alignment, and ownership. By working across the IT organization to onboard teams to unified requirements, the project team will focus on the value of the objectives to influence desired outcomes and behaviors.

  • • Evangelize regulatory requirements and industry best practice

    • Ensure the security and safety of customer and employee data

    • Increase security and compliance-focused behaviors across the enterprise

    • Drive accountability by identifying ownership of processes

  • • Increase in compliance control adoption will result in decreased strategic, tactical, and operational risk; goal 75% adoption within one organization by mid-Fiscal Year 2025

    • Increased ownership of IT controls, clear lines of roles and responsibilities; goal 80% control ownership identified and agreed upon within one organization by mid-Fiscal Year 2025

    • Decrease in security-related incidents impacting member and/or employee data; 50% reduction in SLA response time due to increased control ownership by end of Fiscal Year 2025

    • Increase in collaboration and intake from IT to Information Security teams; cultural measure

  • I will be leveraging learnings from ORGL 518: Transforming Leadership as well as ORGL 515: Leadership and the Human Potential. The four tenets from ORGL 518, “be attentive, be understanding, be reasonable, and be responsible,” will be key drivers of how I facilitate teams to onboard to the unified requirements. In addition, leveraging the learnings from ORGL 515 will aid me from a soft-skills approach and in how I can intervene across and within the organization to drive the change in behaviors. Driving more of a security focus into each team will require me to engage a diverse set of personalities, and I will need to understand how best to approach a wide range of people and processes.