50% of my day is dealing with security compliance audits (ISO 27001, SOX.. etc)... Paperwork, audits, system logs and background checks... all to say how secure our company is.
But at the end of the day, it's just a bunch of fancy logos we can put on our website and show clients. Somebody always has the ability to access personal data (or make changes) no matter how secure things are.