We sat down with Zhaneta Ilievska, a Compliance Manager at ⋮IWConnect, and dived into her remarkable 20-year journey with the company. We explore what initially drew her to the company in its early days and how her role has evolved alongside ⋮IWConnect’s growth.
What initially drew you to ⋮IWConnect or InterWorks at the time, 20 years ago and what was your role when you first started?
It was a long time ago, but I remember it very well as if it were yesterday, reflecting on my journey towards pursuing a bachelor’s degree and entering this career path. 😊 Becoming a compliance manager requires not just knowledge but also a positive attitude towards continuous learning and improvement.. I would like to say a little about the context at that time to understand my decision to join the company and eventually become a compliance manager. In the early years of my career, still in the last century, I gained solid IT experience working in private Macedonian business companies. The management of these companies took the need for digitization in their operations seriously and invested generously in IT staff, infrastructure, and applications… so, I had the opportunity through a lot of interesting work to learn, as they say, ‘to master the craft’ in all things IT and to understand the problems and needs of the real business sector in IT.
Along the way, I had the chance to collaborate with many solid and incredible colleagues who worked here and there in various companies or institutions… we read and exchanged literature, experimented, communicated constantly, met here or there to exchange experiences and solutions to problems… but still, it was not the same as being together under the same ‘umbrella’… although, I must emphasize that all of us working in the IT sector in those companies were quite respected… and we enjoyed many privileges.
Close collaboration with ‘kindred spirits’ was especially important… given the diversity of daily engagements on the one hand, such as user support, development, maintenance, and upgrading of applications, data transfer, resolving hardware and network issues, and on the other hand the upcoming challenges for migration to new modern Web platforms that were inevitable in that period (the technologies used at that time for application development were mainly DOS and Windows).
So, considering all the challenges, I realized that I wanted to go in a different direction and work in a specialized software company where I would develop new modern technologies, instead of staying in the IT department of a company.
At that time, in Macedonia, and especially in Bitola, such specialized companies were rare, so one option was to look for opportunities abroad as many of my colleagues did at that time… but, an advertisement for programmers in a new company in Bitola, where development for new world-known platforms would take place, intrigued me… it was in line with my vision. I applied, went through a testing process, and to my delight, I was offered to try my luck in the company that was starting to write its story in those days.
I started with intensive learning of the Java platform and TIBCO integration platform as well as all the associated tools, application servers, databases for the development of two products the company was engaged in. Translated into today’s disciplines, I worked as a Full-stack developer for the development of Web applications and as an Integrator in TIBCO.
Early on, you worked as a developer. What made you decide to transition into a career in compliance, and eventually becoming a compliance manager?
The transition to Compliance was not direct; it was gradual. My engagements across projects in development intertwined with other Software Engineering disciplines such as requirement analysis, architecture, design, testing, and also team leadership. At one point, I spent most of my time as a project manager with a greater focus on the organizational aspects of projects and delivery, and less focus on the execution part.
This gradual shift towards project management began precisely in the period when the company decided to implement ISO standards, ISO 9001 and ISO 14001. Given my experience and understanding of the importance of ISO 9001 from a previous company I worked for, I was directly involved in the implementation of these standards and I would say that this marks the beginning oft my work in the field of Compliance. Here, I must mention that in the implementation and certification of these standards, I worked together with many colleagues, each in a specific domain of Software Engineering according to their project experience. We also used best practices from well-known frameworks in the domain of Software Engineering… and none of this would have happened without the unconditional support of the management in adhering to regulatory standards.
How has your background in development helped you succeed in your compliance role?
My direct involvement in the processes within the field of Software Engineering has greatly assisted me not only in the implementation of ISO 9001 but also in monitoring and checking the processes… I am “from the IT industry” and I understand how the process “breathes” or at least how it should “breathe” with all its flaws and advantages, from both a quality aspect and an information security perspective. The same applies to ISO 27001, security because it is at the core of the processes that make up the company’s operations and the management of information through these processes. Understanding the sector and the process within the company facilitates compliance with the legal requirements that the business sector is subject to, compliance with standards, and the daily operations’ alignment with policies… and monitoring of compliance is easier to some extent. Knowledge of the company and the business sector in which it operates is a major advantage, at least from my point of view, because it allows for a deeper dive into the real problems that any company is naturally bound to have, especially if it is rapidly growing. It also makes it easier to identify weak points and suggest improvements since not every problem due to non-compliance is solved straightforwardly.
What have been some of the biggest changes and evolutions you’ve seen at the company over your 20 years here?
Probably, from the perspective of managing and monitoring compliance, the transformation of the company occurred when it introduced more specialized technological practices starting around the period from 2016 onwards, as well as the reorganization and establishment of dedicated departments for HR, Sales, Marketing. Significant changes also include the introduction of affiliated companies either domestically or abroad, which adds layers of complexity to regulatory compliance. I see this as a natural response of the business considering the context and the global market.
Compliance with regulations and best practices have changed a lot in 20 years. How do you and your team stay on top of the latest developments?
The answer is simple: constant monitoring, communicating, adapting… learning, learning, and just learning.
In today’s digital age, cybersecurity is a critical concern. How do you work with other departments to ensure our company’s data and systems remain secure?
I would add that not only cybersecurity but also privacy is another dimension that has become a serious concern in today’s digital economy. At the heart of both dimensions is the security of information, whether it be business information and/or personal data. However, in assessments of personal data security breaches, the focus is on the impact on the individual rather than the business.
Achieving information security and compliance with privacy regulations is not the task and responsibility of just one or two people. Everyone in their own domain or department has their responsibility for protection and compliance because they are considered the internal owner of the information. We have an Information Security Committee that plans the controls and processes to achieve an adequate level of security, whether these are technical or organizational controls (processes), and then the implementation goes to the level of the appropriate IT system / practice / department / division / project, according to the classification of the information being processed and the required level of protection.
In the scope of personal data protection, the focus is on the processing of personal data. Here, there is collaboration with each department where there is typically processing of personal data, such as HR, Sales, Marketing, project teams, or authorized personnel involved in the processing of personal data. Collaboration is especially intensive when introducing new processing of personal data or changes to existing ones (e.g., introducing a new system, service, product, or process), showcasing the importance of targeted efforts from every employee.
It is mandatory to conduct assessments of the processing from the aspect of maintaining privacy principles and realizing the rights of subjects, information security. This should and must be a continuous process of checking and compliance, as the processing changes, threats, and risks to security in the digital age change… only with a well-established framework for information management and change management (organizational structure, policies, and procedures) according to ISO 27001, ISO 27701, ISO 27017, ISO 27018 can compliance be achieved either from the aspect of security or privacy of information… but above all through training and only training.
Looking back, what are some of your proudest accomplishments and fondest memories from your time at the company so far?
There are many… every successfully completed project, in the years when I was actively engaged in working on projects for clients, small or large, regardless… through which many professionals “grew up”… some of whom are still here, while others left to build successful international careers… but certainly, acquiring the ISO certificates for ISO 9001, ISO 14001, ISO 27001 is something I would particularly highlight because I invest in these specially… certainly together with colleagues who are dedicatedly working on these issues… but above all, I am proud that despite everything, I work in a company that started here in Bitola and has been operating globally stably for two decades.
What excites you most as you look ahead to the future of ⋮IWConnect and your work in compliance here?
The company is growing, expanding its range of services, and operates internationally, so in such a dynamic environment, there are interesting and new challenges… hence the inevitable needs for constant improvement, optimization, automation, and introduction of new processes that will be compliant either with sectoral regulations and/or ISO standards… My personal aspiration is to achieve an even “smoother” flow of information and an even higher level of maturity of the management systems in the company to facilitate maintenance and monitoring of compliance.