Re: What title?
"Perhaps the people circumventing the rules are making money for the company, unlike the IT departments which are spending it?"
Well, there's a tricky situation. There's and endless parade of disasterous, expensive or embarassing security failures and information leaks by people who didn't want to jump through hoops; everything's easier if you just tell people the password to use, if you don't bother with encryption, if you just take a load of work home with you so you can get it all sorted before some deadline.
In all these cases, if there were byzantine rules, there was no enforcement of them... they were purely discretionary.
So now you want to make this situation even more difficult for your IT staff, who you apparently view as the enemy. Now they not only have to trust that regular money-making valuable employees will not make any mistakes (and history has shown that this is often a bad idea) but now they also have to trust that the devices they bring in run up-to-date, secure operating systems and applications. They have to trust that the OS devs will release timely patches, and that the mobile network operators will push these patches out, and that the users will install them. History has shown that this isn't a great assumption either.
If your IT staff don't realise they're performing a service for the rest of the company, then the company management and HR have made poor recruitment decisions. If you think that data security rules are a pointless obstruction to your valuable work, then I'd say that your management and HR have made another poor recruitment decision, and I rather hope that you're not ever responsible for my personal data and the financial wellbeing of companies in which I have invested.