Leadership Solutions

After You've Moved Into a New Role in Security

As the new Security Leader, or an existing one with new responsibilities, how do you engage the business? To be successful seek the responsibility and authority to align security with the vision and mission of the business. Security leaders at any level should look for opportunities to be both creative and productive for the business. The following are some thoughts on how to approach this.

graphic of what to do after joining the company as a security leader

Get to Know the Organization's Leaders

Meet with business leaders at all levels. Focus on their business challenges (not security challenges) and aim to do this at least every 18-24 months.

  • Why do this? It keeps security visible and in sync with business leaders and their operations. It shows you want to understand their business operations and needs. Face time and short conversations about their issues builds rapport.
  • What is the benefit? Other business leaders will appreciate that you have gone out of your way to really understand their world and will have greater respect for you and your team. It will give you a sense of how open they are, or are not, in supporting your security plans.
Tip: Ask them to breakfast, lunch or dinner and learn about families, sports and their other interests - it'll pay benefits down the road.

Creating Your Roadmap

You are in the company primarily to do three things: Make it safer, more secure and more profitable.

  • Why do this? Business leaders get the safer and more secure mission. But you need to demonstrate your enthusiasm ("marketing yourself") by learning the business and sharing how a smart security can improve profitability.
  • What is the benefit? Their attention and engagement. Yes, they need to be open to your vision, but it is key that you communicate to them in business terms that they relate to. This requires your leadership in developing trusting relationships with the executive team.
Tip: Also engage Audit/Finance, Business Development (e.g., mergers and acquisitions), Human Resources, Information Technology, Facilities Management, Ethics/Compliance, Health/Safety, and all business segments. Why? Because they all lead to the C-Suite!

Understand the Business and its Infrastructure

Understand how the business is run and how it measures success. Learning the scope of its operations and product lines and speed of operation can be daunting. Often security is not included in these activities. Find ways to break this barrier.

  • Why do this? Creating good relationships coupled with an understanding of the businesses' operational goals when done well helps you to align security programs and services to business needs.
  • What is the benefit? Being proactive helps you be ahead of many other issues such as pending union contracts, workforce reductions, and potential mergers or acquisitions
Tip: Aim for understanding potential security issues and you will never be surprised. Then be committed to continually tweaking those improvements as you and your team move forward.

Learn the Business' Culture Before Making Early Recommendations

Learning a business' culture is essential before making substantive recommendations.

  • Why do this? Knowing the business' culture regarding security is essential to avoiding mistakes of the past. What has been tried in the past? Is security insourced or outsourced and what has been successful? What did not meet the business' needs? Do others in the business have ongoing security activities such as background checks, ethics, audit/financial, or other investigations perhaps even done by outside contractors? Often these security activities happening in other business units are unknown by senior management. When these activities are uncovered are the functions doing them cooperatively or do they assume this is their "territory?"
  • What is the benefit? Visibility and clarity around who is doing what and why across the enterprise when it comes to security. As a senior security leader you must become aware of activities that have a direct nexus to your security mission.
Tip: Know who is doing any type of investigation in your company. Often those doing investigations do not have the appropriate credentials that could result in mistakes that can cost the business resources and in some cases reputation.

Initial Assessment

Your initial assessment needs to be unbiased. Seek recognized mentors outside your function or company. Seek those that have "been there and done that" in both business and security. Recruit security team members who are lifelong learners focused on being business partners, and can relate to executives' issues as well as contract workers.

  • Why do this? Avoid coming into the company with a preconceived plan or a template on how to improve security in their business. Every business is unique and your job is to tailor security initiatives to those needs.
  • What is the benefit? It opens a dialogue. Each business has its own distinctive security needs and your job is to adapt smart security solutions to meet those needs.
Tip: Engage with your business leaders and ask to join them at executive business meetings to learn both day to day and longer-term business issues and plans.

Next Steps

No matter how much experience you have it will pay enormous dividends to bring in someone who has "been there and done that" to offer perspective when starting on a new leadership position. Just having someone to discuss or review plans with can help make sure you get off on the right foot.

The Security Executive Council is made up of former leaders of some of the worlds most esteemed security programs. We help guide some of the biggest names in the business. Contact Us to find out how we can help you achieve your goals.

Download a one page graphic of the information shown on this page you can use as a reminder or to share with others:
Click to download PDF file

Additional Resource: The SEC's book, From One Winning Career to the Next, written by SEC Emeritus Faculty J. David Quilter, gives practical advice on challenges, forming an effective team, and making a business case to gain executive support for a security agenda.