4. Work in tandem with finance and compliance groups.
"It really is a team event," Worrall says of Sun's governance, risk and compliance effort. "No day goes by where a compliance-related topic doesn't involve our CFO or controller, the CIO and the chief privacy officer. Our director of compliance attends meetings with these organizations to ensure that IT is acting consistently with all the other organizations in the company."
Laliberte concurs, adding that in the retail industry, the shift to meet the new PCI data standards demands a major, sweeping project affecting multiple parts of the company. "This is usually a pretty big effort," he says. "Often it will be driven by the internal audit department, with the CIO responsible for a number of projects needed to get the controls in place."