Data has become a huge asset for businesses in the digital age, making regulatory compliance a competitive differentiator...
for many modern companies. And as both regulations and data threats have become increasingly complex, GRC professionals' skill sets have become a prized commodity.
Compensation for these professionals seems to be keeping up with the trend, according to TechTarget's 2015 Annual IT Salary and Careers Survey. From a sample size of 176 respondents who selected "Compliance" when asked to select the top three technology areas that occupy the most of their time, the average salary reported was $107,888. Fifty percent received a raise in 2015, and 54% anticipate a raise in 2016.
The lucky IT compliance management professionals are getting more resources, too, with 33% saying IT budgets increased in 2015, and 38% reporting additional staffing in their departments. These employees have taken on much more responsibility in recent years: In addition to risk management, GRC professionals are often responsible for the administration and development of the company's technology platform and associated IT processes, said Marci McCarthy, CEO and Chairman of ISE Talent and CEO and president of T.E.N.
"Additionally, they're responsible for configuring, maintaining and reporting on the technology platform and its subsequent data," McCarthy said. "Other duties may include liaising with various business groups for the identification, remediation and tracking of organizational risks and vulnerabilities."
IT compliance management pros 'satisfied'
The heightened profile and additional responsibilities have not had a negative impact on satisfaction, however: 68% reported they were "satisfied" with their current position. In the next three to five years, 41% said they want to move up within their current company or department, and only 14% are seeking employment for a larger company.
Professionals' IT compliance management experience has become invaluable to companies as regulatory compliance rules have spread across industries, said Geoff Harris, CEO of Alderbridge and International board director of the Information Systems Security Association.
"Organizations are having to demonstrate to regulators and regulatory bodies that they are compliant, and they need people to do that," Harris said.
To fill the gap, companies have turned to a wide range of departments and potential skill sets, Harris said. Corporate risk specialists and IT professionals, for example, are increasingly tapped to fill GRC responsibilities and help maintain regulatory compliance.
"I think there is quite a good flow of candidates, generally, and from across professions that move into this area," Harris said. "I see people moving across from all sorts of areas, from within cybersecurity but also other areas -- moving across to take on those roles."
GRC remains a top concern
Not surprisingly, the respondents that specialize in regulatory compliance reported that their top "areas of greatest concern" in 2015 were compliance, security and risk management. These issues aren't going away, either: In 2016, many predict that their work projects will focus on compliance (67%) and security (44%).
Companies have sometimes struggled to keep processes up to speed as large data volumes have caused big GRC complications. The combination increased data threats; well-publicized breaches and new regulations have forced companies to develop detailed security programs on the fly -- and the staff to go with it, McCarthy added.
"As a result, most face a steep learning curve regarding hiring best practices, understanding qualifications and offering competitive compensation packages," McCarthy said.
In the face of these increased responsibilities, the moods at survey respondents' IT departments seem divided between optimistic and neutral: 36% described the mood as "optimistic," but 38% report being "neither optimistic nor pessimistic." The 2016 outlook seems a bit more positive, with 38% predicting the mood will be more optimistic next year, while 31% said it would be "neither optimistic nor pessimistic."
As for the regulatory compliance professionals who were more pessimistic about their IT department's mood, ineffective management (68%) and limited career advancement (53%) were cited as the biggest reasons for the increased feelings of pessimism.
Those with a more pessimistic view should take solace that their career opportunities will likely continue to expand in the near future: Demand for GRC professionals will only increase, McCarthy said, especially at larger organizations. But when it comes to GRC staffing, human resource and talent management organizations are at a crossroads, she added.
"They have a task and a mission to fill these positions," McCarthy said. "However, these jobs are not very easy ones to fill. They're not like general IT jobs, and many of them are very specialized and require specific kinds of industry backgrounds."
Read more from the TechTarget IT Salary and Careers Survey: IT salary survey shows differences in pay according to IT role, and business intelligence, big data professionals are ahead of peers on pay. Then, check out SearchCompliance's top 10 2015 compliance stories.