Security Leadership and Management

Business Evolution Requires Active Security Alignment

Business continues to change, and if the next generation of security leaders hopes to succeed, they must be prepared to change with it, says Dick Lefler, former VP & CSO of American Express and current Chairman and Dean of Emeritus Faculty for the Security Executive Council. This will require, among other things, a much more active pursuit of alignment with the organization’s structure, goals and strategies.

“What matters to the organization in terms of a risk management role is that you’re identifying the risks that could either disrupt or enhance the organization’s strategy,” says Greg Niehaus, professor of Finance and Insurance for the Moore School of Business, University of South Carolina. “Alignment is important in that you want everyone in the organization to be thinking about and potentially identifying those risks.” When the security leader is confronted with evolving business goals, evolving operational models, and evolving risks, such alignment can be more of a challenge than it has ever been.

“I think the next generation of security leaders is going to be faced with two significant risk issues to manage,” says Lefler. “First, companies are doing business differently than they have in past generations. The next generation security director will have to demonstrate skills that not only are aligned to the business enterprise but that also reflect change in the way business is conducted.”

The biggest change Lefler sees is an ongoing shift from a vertically integrated business model to a horizontally integrated one, meaning that fewer and fewer business functions are performed in-house. “From that point of view, a lot of your risk lies with somebody else’s employees, goods and services, and the ability to deliver those to you to further enhance or add value to the product and ultimately sell it. In today’s competitive environment, you depend on others to provide raw resources, manufacture goods and manage services like IT. The radical shift is that you’re now managing risk relationships as opposed to managing the risks themselves,” he says.

He offers the example of an electronics company that outsources its manufacturing. “If your manufacturer fails to provide you with adequate supplies based on your contract, you won’t be able to sell as much product as you planned, and that will have a significant impact on your revenue and stock price,” he says. “So part of that risk exposure may be the failure of your electronics manufacturer to adequately vet its employees or manage the risk in its own facilities.” The security executive’s responsibility in this case includes working with Legal to develop contracts that limit this risk exposure and to act as an agent of influence not only on his or her own senior management, but on the management of the contracted manufacturer. This expansion of responsibilities is just one of the elements of business alignment in an evolving risk atmosphere.

The second issue Lefler feels will most impact the next generation of security leaders is compliance. “Compliance in the global marketplace is continuing to grow, and we’re continuing to see sovereign nations work together to create increasing levels of compliance requirements that carry with them penalties for failure to comply. The next generation of security leaders will have to be as sensitive to compliance as they are to the risk issues that can impact on the company. Failure to comply is a risk issue in and of itself.”

Alignment in a changing risk and operational environment will require security leaders to actively engage management in an ongoing dialog, to ensure a shared understanding of business strategies and goals as well as identification of risks that are critical to the company and the Board.

Lefler, Niehaus, and Randy Harrison, managing director of Corporate Security for Delta Air Lines, will instruct a course on business alignment for the Security Executive Council’s Next Generation Security Leader Development Program, a virtual security executive development program launching in January. Their course, Aligning Board Level Risk and Business Unit Mitigation Strategy, will cover the business perspective on alignment and provide the foundation for positive results drawn from the experience of former and current security executives. To learn more or to register, visit   

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Marleah Blades

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security magazine March 2015 issue cover

2015 March

In this March 2015 issue of Security check out our product preview of ISC West 2015. Also, learn how to make the best use of your security technology by working with your security integrator, get info on penetration testing, and discover how white glove security can enhance bottom line real estate value.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive


Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.