I discovered Jeff Snyder’s Security Recruiter blog the other day via Rothman’s blog, and I read his latest post about what a banking client was looking for in a security candidate. Seems like they want someone with “Risk Management” experience and “a deep understanding of Regulatory Compliance issues.” Makes sense. But wait! There is a caveat!
My client wants a candidate who has worked with regulations that have “Teeth”. In other words, while HIPAA is most definitely a body of regulatory compliance mandates, the argument was that to date, nobody on the call could think of a person who had gone to jail over a HIPAA issue. However, make a crucial privacy mistake in a bank or financial services organization and somebody is in serious trouble and could end up in jail.
So basically, they would not want me because most of my compliance experience lies in HIPAA. At first, that got my hackles up because I feel like I am as good as anyone working on SOX compliance. But then I thought better of that feeling. Because even though I feel like I did a pretty good job at getting my previous employer compliant, I also know that the longer I worked there, the less pressure I felt to get it done, because the news stories kept coming out about problems and no one was getting in trouble!
So, like the title of this post, I understand where Mr. Snyder’s client is coming from. If you ain’t felt the pressure, then you might not have done the best you could. They need someone who can work with that Sword of Damocles hanging over their head.
In general, Jeff Snyder’s blog is an interesting read. There is some good insight into what firms are looking for in a security professional. I suggest taking a look.