Contributed by:
In the security business, the importance of finding your voice and making yourself heard is often overlooked. For corporate security directors and other security professionals, the first step in providing effective security and risk management services in the corporate space is to understand how to find that voice and clearly define their role.
From individuals to institutions, security professionals who are skilled at making security program assessments and facility-level risk assessments should make sure they are equally adept at providing enterprise-wide consultation in how to write and execute a coordinated and strategic security strategy. In other words: they need to navigate the corporate terrain with the same insight and skill as they do the contours of the risk and security landscape.
Getting better at strategically positioning security functions at an enterprise level requires understanding how that enterprise operates, what your role should look like, and how it connects to every other part of the organization. The urgency of the coming recessionary cycle—and the looming deficits, accompanying layoffs, staffing challenges, and increased security vulnerabilities that will manifest in the years ahead—makes addressing this issue even more of a priority.
With that in mind, here’s what security professionals need to understand and what they can do to make sure they are standing on firm ground—making their role clear and their voice heard:
Making the leap from military and law enforcement to corporate security
The military and law enforcement background shared by so many security professionals makes many of them ideally equipped from a skills perspective to provide effective security services. From a cultural and communications standpoint however, newcomers to the corporate security space need to continue to work to develop their comfort level and skillset. Coming from fields and institutions where uniform laws, clear standards, and well-established and well-understood processes are rigorously developed and enforced, the corporate jungle can be a thorny new challenge. Human nature and political realities are universal, but when the firm ground of military or law enforcement gives way to the shifting sands of the corporate world, misunderstandings and misperceptions can occur.
Which is why it’s so essential for security professionals to continue to grow and adapt: to learn to think differently in this new environment. Policies, procedures and ethical conduct may be well-established and expected, but “process ownership” and interpreting your role and responsibilities can be trickier. Security is still a relative newcomer to the corporate org chart, and often lacks the clearly defined and universally understood status of departments like Legal or HR.
Recognizing and adapting to those new circumstances isn’t always easy, because the lack of familiarity goes both ways. Despite decades of detailed and diligent work to define the concept of security risk management in corporations, some senior executives still perceive the strategic management of the security function differently—and have very different interpretations of what success looks like.
Define yourself for corporate security culture
Mitigating some of those potential misunderstandings and positioning corporate security differently should be a be a strategic priority for security professionals. Addressing any lack of clarity obviously requires clear and consistent communication. More specifically, it requires educating members of the C-Suite about your roles and responsibilities—and educating yourself about the people, processes, policies, and perspectives that now define your professional environment.
Outlining the risks, establishing a mitigation strategy, and developing a sound security direction at the C-Suite and board level is now an important part of your mission—but that can’t happen until you define your role. If you don’t define the role, mandate, process ownership, and direction of the security function up front, rest assured the corporate culture will gladly do that for you. Failure to do so risks getting caught up in petty turf wars, frustrating budget battles, and other logistical, structural, and interpersonal headaches that can detract from your ability to do your job effectively. There is a dramatic difference between a security professional whose role is primarily tactical, responsible for “guns, gates and guards,” and a security professional who is empowered to provide big picture strategic guidance in developing a coordinated, cohesive, and consistent enterprise-wide security plan. The latter requires access and influence at the leadership level, which won’t be present unless you do take the initiative to make it so.
Ask the right questions to build strategy
You cannot design and build a strategy that makes sense—much less execute that strategy operationally—until and unless you get a better feel for your company, the space where it works, and its unique risk profile. That isn’t something that happens independently: it requires coordination, collaboration, and communication, and it demands that security professionals help their C-suite partners begin to think strategically, not tactically.
You have to ask and answer big questions like:
- What does your existing security infrastructure look like?
- How is your security function positioned internally?
- How can we help you position yourself better so that you have a security department that functions holistically and is connected to the rest of the organization?
That last point is particularly important because it’s such a common pain point. Some surprisingly large companies have silo-style security infrastructure that neither coordinated nor holistic. They may have the resources, but they often don’t have the structure or strategy in place to make the most of those resources and get the best ROI on their security investment.
The unique challenges of corporate security
It might sound obvious, but you can’t make yourself heard until you make yourself informed. Corporate security—particularly the kind of complex, big-picture strategic security planning that can make a difference for Fortune 500 companies, occupies a unique and specific space in the security industry.
To succeed in corporate security requires, as a baseline, a working knowledge of all security aspects of physical, personnel, legal, labor, fraud, and internal control processes, as well as the complexities of investigation in a private setting. It requires a familiarity with all areas covered by existing security standards and publications, such as the Protection of Assets Manual and related texts. Too many security professionals assume that their security experience will translate directly to the corporate sphere, only to subsequently find themselves out of their depth. This is particularly common with individuals who worked in an agency setting that concentrated on investigations only, and don’t have the broader exposure to contemporary crime prevention required for success at the corporate level.
You not only have to know your stuff, you have to understand how it applies to your employer. The best and most effective corporate security pros have a firm grasp of the unique blend of risks, resources, and workplace realities specific to their company—and they appreciate how that constellation of characteristics, assets, and liabilities influence their work.
With that depth of insight and understanding—of both the big picture and of your company’s unique structure and profile—you can begin to craft an effective and strategic security plan. In my next article, we will break down the nuts and bolts of the process: once you find your voice, how will you use it? From setting a budget, to understanding and accommodating internal corporate structures, that piece will include a detailed breakdown about how to design, communicate, and implement an enterprise-wide strategic corporate security plan.
For corporate security directors and other security professionals, effective security and risk management demands finding and defining your voice and role.
If you need help positioning your security strategy within your organization, fill out the form below to contact Pinkerton today: