In our Spotlight on Success series, Steve Hindle, Chief Information Security Officer and Acting CIO of Mad Mobile, shares how his team centralizes compliance management to identify gaps before they become a problem. Headquartered in Tampa, FL, Mad Mobile provides a unique platform that enables restaurants and retailers to achieve mobility with their existing systems to increase sales and digitize the guest experience. Hear how this InfoSec team at a private technology company gained valuable visibility into organizational risk by switching from a manual environment to AuditBoard, including:
- Leveraging AuditBoard’s CrossComply solution to centralize audit and compliance activities in a single source of truth and break down silos across the enterprise.
- Mapping controls and risks across frameworks and standards including PCI DSS, SOC 2, P2PE, AML, KYC, OFAC, and more.
- Reducing stakeholder fatigue by requesting evidence once across multiple frameworks and compliance activities.
- Shining a light on compliance gaps and overlaps with one set of common controls.
Tell us a little about your role at Mad Mobile, and some of the challenges you faced managing your InfoSec programs in a manual environment.
“Mad Mobile is a very entrepreneurial, very dynamic, and very young company. We as an organization are disrupting the mobile payment space, and I’ve been brought in to secure and build an enterprise-wide cybersecurity program — looking at maturing the strategic IT technology stack that supports the business — and also, on the other side of the shop, taking ownership of and reporting directly to our board on GRC: governance, risk management, and compliance.”
“When I walked in through the front door, Mad Mobile had a compliance function that was being handled through our operational excellence organization, which I inherited and took on. All those pieces, as they slotted together, were siloed. There was no GRC platform bringing all of the different audit and compliance activities across the company together.”
“We have P2PE compliance, which is a hardware encryption-based piece for our points of sale, all handled under the PCI Security Standards Council. We have level one PCI DSS compliance for our supporting infrastructure. We have a SOC 2, and on the back end of that a SOC 2 Type 2 around all our controls as an organization. Because we’re a payment facilitator, we have AML, KYC, and all the regulatory OFAC pieces of compliance as well. All of those were being handled in silos using… Excel and spreadsheets and documents and SharePoints and OneDrives and GDrives. It was all over the place — and most organizations are the same. I had to hold my hands up and say, there’s a better way to do this! Let me introduce you to a platform that I’ve had some experience with in a previous life, which was AuditBoard.”
How has AuditBoard’s CrossComply module enabled you to reduce silos to identify gaps as well as duplicative work?
“The enemy of a successful GRC program is this silo mentality. As leaders in our companies and influencers across our C-level stakeholders, we have to resolve and remove that silo mentality because we need to reduce risk, we need to reduce costs, and more than anything else, we need to reduce — or completely eliminate — the duplication of effort. That’s my goal.”
“The biggest benefit that AuditBoard brings to an organization and to practitioners such as myself is assisting us in shining a light on where there may be gaps before those gaps become a problem. AuditBoard allows us to bring our ecosystem in, turn the lights on to show us what we need for compliance, and link it all together. Then we can say, ‘What we’ve got here isn’t a checkbox gap — it’s an operational gap.’ By looking at things through AuditBoard, you can get a more holistic picture of your business.”
“What gets measured gets done. AuditBoard CrossComply helps you measure. It helps you see gaps where things may not be slotting together correctly. It shows you the operational risk — the business risk — where you can then effect change. Because if we’re not effecting change as compliance leaders, then what are we doing?”
Tell us about your vision for the importance of compliance, and how technology supports that vision.
“One of our biggest objectives is to get our people working on things that matter. Compliance makes a difference because it proves that you are trustworthy, your organization is trustworthy, and you can demonstrate that you meet the goals and objectives of your clients and customers. That’s why compliance is important — proving it needs a tool like AuditBoard.”