Seeking to accurately define the profile of the ultimate group security manager can pose a considerable problem – largely because, in today’s world, the very word ‘security’ presents a kaleidoscope of different images. Security may be interpreted in so many varied and different ways that even those who work within the industry are often both surprised and confused by the ever-increasing range of activities listed under the banner.
It’s perhaps not surprising, then, that individuals unfamiliar with the sector have an even greater difficulty in understanding what it is we mean by the word ‘security’. At best, it’s probably fair to assume that most people would associate the term with guards, alarm systems, CCTV cameras and the ever-present barriers and other access systems we see at airports and the like. These are the day-to-day public images of security, but in reality they represent only a fraction of the overall picture.
What do we mean by ‘security’?
So what do we understand is actually meant by the term ‘security’? In its broadest sense we are talking about the implementation of measures and procedures to protect and safeguard property, buildings, information and people. In corporate and/or company parlance we would refer to these variables as ‘assets’.
That is how we would also define the function of a group security manager. An individual who is tasked with protecting and safeguarding a company’s assets.
To fulfil this role, the group security manager must be able to demonstrate an extensive range of management and specialist skills. A thorough understanding and knowledge of all the relevant security functions is clearly a prerequisite. However, there are other skill sets which are equally necessary – none more so, perhaps, than the ability to articulate at Board level the importance of an effective corporate security strategy.
The group security manager must be able to convince the Board that the management of security is an integral and vital part of a company’s business and operating strategy, and cannot be left to non-security professionals. It’s also important to ensure the company understands that decisions regarding or affecting security should not be allowed to be taken independently and ‘scattered’ through the management structure. This can lead to contradictory polices being implemented, or indeed measures that may delay the prevention or detection of possible criminal activities.
For instance, while a facilities manager is afforded responsibility for managing the day-to-day security of a company’s premises, the IT manager for taking care of the security of the data systems and the human resources leader placed in command of pre-employment screening, it’s quite possible that any – or all three – of these managers may fail to report security incidents or problems they may have encountered beyond their department. In some cases this may be because the problem has highlighted a security weakness in their own department which (by way of avoiding embarrassment) they have sought to deal with under their own steam. In other instances it may be the case that the impact and/or extent of the security problem has neither been understood nor – worse still – identified.
The job function: key skill sets
The ultimate group security manager must possess the ability to be able to:
To successfully undertake these responsibilities, the group security manager needs to show that the security of the company cannot be managed in isolation from the remainder of the business. The development and implementation of effective security strategies, policies and procedures can only be achieved with the full understanding and co-operation of all elements within the company.
Gone are the days when the Security Department remained remote from the rest of the company, with neither side making any real attempt to learn what the other was doing.
So what are the specific areas of activity for which the group security manager must take responsibility in responding to the security needs of the company, and ensuring that the company’s assets are indeed properly protected and safeguarded?
In this day and age the list of necessary skills seems to be forever expanding. That said, some of the more obvious and frequently used areas of corporate security include: business continuity planning, confidential investigations, electronic countermeasures and telecommunications security, emergency procedures and crisis management planning, event security management, IT and data security and information security.
There’s also manned guarding services, personnel security, pre-employment screening, security audits and reviews, security contract management, strategic planning, security systems and equipment procurement, training and site/building security planning.
Sourcing and evaluating information
While it’s appreciated that few people can demonstrate a comprehensive knowledge and experience of all these subject areas, the ultimate group security manager should at least know how to source and evaluate information on them. This includes, for example, sourcing competent expertise from without to provide consulting support in certain specialised areas.
Whether developing a security strategy or presenting policies to the Board, the security manager must clearly show that they know what they are talking about. Fortunately, there are now many places to help security professionals source the relevant data. Umbrella organisations such as the British Security Industry Association (BSIA) issue – on a regular basis – a wide range of publications covering most mainstream security topics, as well as any relevant Government guidelines or legislation that may need to be considered.
In determining someone’s ability to fulfil the role of group security manager, it’s often difficult to accurately assess their level of knowledge and experience of security from a CV alone. Their previous employment history is clearly important, as are the qualifications and affiliations the candidate may hold. Many companies seek a degree level education for their managers (as well as proof of relevant experience), and security management is no exception. The Scarman Centre at the University of Leicester now provides a foundation degree for those wishing to study security and risk management, and there are a number of other solid security and managerial courses on offer from organisations like SITO.
Several security industry bodies including ASIS and The Security Institute (TSI) are working hard to raise the profile of security professionals through promoting best practice within the industry, and by providing qualifications of experience and ability. ASIS does so through its Certified Protection Professional (CPP) examinations and accreditation, TSI by way of its validation process on application for membership.
In addition to pure security skills, the importance of good interpersonal and management skills are attributes that have to be demonstrated. Managers must be able to communicate effectively with all levels of management and members of staff throughout the company, and demonstrate a clear understanding of how security is effectively aligned alongside the commercial interests of the company. Security professionals also need to be able to justify their recommendations by, for instance, putting forward a sound business case as and when the need arises.
Good communication is vital
Security is often viewed as a ‘sticking plaster solution’. Why? Well in many cases security measures are only agreed to once the business has (unfortunately) experienced what can happen without them. The top level security managers will be able to ‘sell’ the necessary security solution to prevent an incident from occurring – not just to prevent an incident from happening again. Despite the events of September 11 last year, the ‘it could never happen to us’ mentality will always remain. It takes a good communicator to be able to make people see the real threats, and understand what impact they could have on a business.
These days, one of the most effective drivers to obtaining the support of the Board and senior management is corporate governance – ‘the need to be able to show that risks to the company’s financial and business operations have been properly assessed’. Security plays a very important role in this assessment.
Even with the best security measures in place, without the full co-operation of others their effectiveness will be weakened or (in some cases) totally undermined. The ability to present, for example, the justification for proposed security recommendations in three different ways – the business case, the risk and security issues and then the personal benefits to all – is fundamental to achieving support.
Communication and presentation skills are not just about being able to talk to people. How a manager looks, sounds and acts will play a part in whether those listening will respond positively. Equally, communication is a two-way activity and involves input from both sides. Listening to others will help bring possible security threats to immediate attention. Understanding their roles, policies, activities, personalities, thoughts and feelings will all be useful when developing security measures and systems that are both practical and effective.
The ultimate group security manager will be the man or woman who fully understands the company machine, and what it needs to survive. Conflict often occurs between implementing the best practice security measures and hindering business activities, but with a greater understanding of both the business and constant innovations that take place in the security sector, such issues can usually be resolved without compromising either security or the company’s major business objectives.
These days, far less emphasis is being placed on a ‘security mindset’ in favour of a more flexible approach to integrating security risk management within an organisation. The more forward-thinking and focused security managers will be able to use the best of both worlds. The phrase ‘security mindset’ is often associated with a dogmatic implementation of the traditional security areas such as fencing, guards, alarm systems and CCTV. What it should stand for is the ability to identify the risks and security weaknesses in all areas of the organisation – whether buildings, property, people or information – to ensure that the proper safeguards are in place.
Management and organisation
Management and organisational skills are also key to the success levels of a good security manager. With such a wide range of areas and issues to be covered, they will need the ability to manage a number of projects at any one time – and, most likely, a number of people. Where big changes or large investments are made, support may dwindle during or after the project’s completion. Thus it’s a good idea to monitor and assess various areas, recording any improvements or listing further recommendations that must be borne in mind.
Demonstrating the effectiveness of security provisions on a continual basis will help to strengthen the position of a security manager, and pave the way for favourable responses to future business suggestions.
In many companies, security is now very much back on the Board Room agenda. The group security manager must seek to ensure that this always remains the case. As discussed, this requires a range of skills and attributes.
Ultimately, the key to success and progress is to show that, as a professional manager, you can confidently assess and deal with the many and varied security risks to which the company’s assets will continually – and inevitably – be exposed.
