What You Need to Know When You are Facing a Change in Leadership
Dealing with risk is something we do every day but there is one that is probably not on any of your risk management plans -- how to handle a change in reporting whether it be due to an internal organization structure change, an external hiring decision or a merger/acquisition situation. A change in leadership can be a difficult time because of the "unknown" factors.
What You Need to ConsiderThere are three main categories a new leader will tend to generally fall into when it comes to a relationship with you and the security function:
What You Need to DoThe first thing is to realize that a proactive approach to new management is the best recourse; views are easier to change before they become entrenched. If they have begun making statements to others about what they are going to do to "fix security" their own pride may prevent them from recanting or modifying their initial position. A preemptory strike may be required and if you are not prepared to execute on it wisely you may do yourself more harm than good.
Do some thoughtful investigation about the reasons why new management is being brought in and what their background is. This applies whether you are moving to a new position or if new management is coming to you. Ask yourself hard questions, take the view point of the new management and be brutally honest with yourself. Is this new management part of a startup of a security program, a turnaround of a failing security program, a realignment of security, or a sustaining success situation? What led the organization to this point?
Next, do some research on new managementâ€™s career history. Identify the most likely security issues / risks they have faced with previous organizations. What industry specific issues or regulations did they have to address that may have not been in this organization? Be prepared to answer questions related to these issues.
If the new leader is an internal reassignment, identify the security services they would have used. How much have you spent on their previous business group? What experiences have they had previously in dealing with security, was it helpful or problematic? Understanding how your customerâ€™s feel about security will be important information used to know how to approach them.
How the Security Executive Council Can HelpWhether the new leader is an advocate, associate or assassin, in a non-emotional way you will need to educate them in what your department does. You will need to show the value of security and demonstrate how others, especially his or her peers, see value in security. You will need to have documented past results, which is part metrics and part running security as a business.
If you do not currently have this information you quickly need a security perspective autopsy; how do your customers feel about security? What issues have you helped them address? Who are potential friends and who are likely not to be?
This only scratches the surface. Consider getting a second opinion from those who have experience successfully navigating the minefield of organizational change. The Security Executive Council has extensive experience and tools to help gather the information in this situation. We have helped CSOâ€™s successfully weather mergers/acquisitions and new executive management as well as assisted CSOs moving into new organizations.
When you need to know where you stand call on us to gather the information, evaluate the situation and provide you with the unbiased knowledge and advice you need to face new management and show the value your security programs bring the organization. Contact us for information on how the Security Executive Council can help you be more successful: firstname.lastname@example.org