Compliance professionals often find themselves positioned as the “no” people in organizations, creating barriers rather than building bridges. However, the most effective compliance advisors take a fundamentally different approach, focusing on solutions and revenue impact rather than restrictions. Shannon Noonan has built her career on transforming how C-suite executives view compliance, turning regulatory requirements into strategic advantages through trust-building and innovative problem-solving.
Speaking Executive Language
Shannon learned early on that walking into a room with regulatory jargon and a list of “can’ts” is a fast track to losing the room and gets you nowhere fast. Instead, she frames every conversation around business impact. “I always look for ways to tie it back to revenue and business goals. What’s the revenue and business impact? How does it affect the customer? What triggers their response or decision-making?” she explains. This approach transforms compliance from a cost center discussion into a strategic business conversation.
The shift happens when you stop being the “no person” and start being the solution finder. Shannon puts it simply: “I’m not the no person. I’m the person that sits there and says, how can I make your world better? How can I enhance this? How can I help you meet your requirements rather than just telling you what you can’t do.” Executives want to hear possibilities, not roadblocks, especially when they’re trying to grow their business.
Building Real Trust Takes Courage
Having difficult conversations comes with the territory, but Shannon doesn’t shy away from them. “What I do isn’t easy. I’m not always the bearer of good news. I’m often the person who walks into the room and hears the silent reaction ‘Oh no, what is she bringing now?’ People expect more to be added to their plate, not taken off,” she acknowledges. The key is earning trust through transparency and genuine help. When executives trust you enough to show you what’s really happening behind the scenes, that’s when real solutions become possible. “When you have the full picture, and they trust you, value your insight, and see that you are offering real solutions they will give you more responsibility. That’s when you can truly improve their world through greater efficiency and meaningful enhancements,” Shannon explains. Without that trust, you end up just putting patches on problems instead of fixing the root causes.
Her advice for anyone wanting to work effectively with executives is straightforward: “Be a sponge.” The compliance world moves fast, with new regulations and technologies constantly emerging. “You are never going to be a know it all. The rules are changing, the world’s evolving, the technology’s rapidly changing,” she points out. This learning mindset becomes crucial when you are jumping between organizations with different systems and challenges. Shannon often works with companies still running mainframes alongside others using the latest technology. The ability to solution across that spectrum requires knowing when to bring in additional expertise and how to ask the right questions.
Implementing AI Securely
Artificial intelligence presents a perfect example of Shannon’s solution-focused approach. Rather than telling executives they can’t use AI tools, she helps them understand how to use them safely. “AI is brilliant, it’s going to make you better,” she acknowledges. “You’ll be able to process information faster and execute tasks more effectively.” she acknowledges. But she also cautions against risks that many leaders overlook. “If you’re using the public version of ChatGPT and upload a financial statement for a quick calculation, you have just exposed sensitive organizational data to a public platform, potentially making it accessible to anyone,” she explains. The solution isn’t to ban AI but to implement it securely so teams can be more efficient while protecting company data.
Preparing for New Regulations
The regulatory landscape is shifting rapidly with new requirements hitting organizations from multiple directions. Shannon points to several major changes including CMMC audits affecting over 300,000 government vendors, new SEC filing requirements for publicly traded companies, and European regulations like NIS 2 and DORA. “We’re in for an transformational period, because no one truly understands the overall requirements to solution and implement or how each company will be impacted. But what we do know is that change is inevitable,” she says. These changes will require proof of compliance through actual evidence and testing, not just self-assessments. Organizations must embrace innovation to drive efficiency and quality, all while adapting to evolving requirements.
At the core of Shannon’s approach is a simple but powerful principle: transparency and honesty are the foundation of lasting relationships. “Don’t lie. Transparency is such a thing,” she emphasizes. When compliance professionals focus on finding ways to help executives reach their goals while meeting regulatory requirements, everyone wins.
For more information about upcoming compliance developments, check out her LinkedIn profile or join Shannon and her team on July 10 & 11 in Washington DC at International Cyber Risk Summit. If you’re planning to attend the two-day conference, be sure to use a promo code ICR50 for a special credit only found here.
