Rebuilding Influence after Corporate Restructuring

May 1, 2011

Company reorganizations are a fact of business that may have grown more frequent as our economy has changed in recent years. If your organization is going through one, or you believe there may be cause for changes in its governance and reporting structures, it is critical for you to think about the impact these changes may have on security’s influence.

Will there be any personnel changes at the senior management level? If previously supportive people leave, all of the ground you covered and trust you earned while gaining support for your program may be walking out the door. Hopefully, you already have a metrics program in place so you can show new senior management an objective view of your program goals and accomplishments. Remember: Brief and to-the-point presentations are crucial for this audience.

If you will be reporting to a new boss, there are several questions you should ask yourself. Have you taken steps to educate him or her about your program, the value it brings, and the results you have achieved? Are you able to effectively and quickly communicate the services the organization finds valuable, including the view from your boss’ peers? Can you clearly articulate who the primary customers are of each security service? Can you demonstrate how each area of the company (audit, sales, comptroller, marketing, R&D, etc.) utilizes security? Can you demonstrate the cost, head count and results of each program/service?

Get yourself to the place where you can answer “yes” to all of these questions. Then, after doing that, discuss with your new boss what he or she feels should be changed or modified. Consider reinventing or restructuring your security program in a manner that (re)appeals to senior management and (re)establishes it as a crucial partner within the organization.

How well have you been aligning your programs with corporate-level goals? Do you know how ready your organization is for your security programs? Do they look at them as reducing risk in well-defined areas (e.g., workplace violence or investigations)? Do they view security as a true business partner? Knowing how senior management views security will help you define your programs to meet their current expectations. You can’t expect your programs to be accepted (or continually accepted) because they may have worked in the past. You must keep up with the ongoing transformations of the business.

You must also take a hard look at where you are as a security leader. Have you settled into a “maintenance” stance? While it is clear many security departments are currently understaffed and are working with a meager budget, consider the next stage you want to achieve. Try to find a way to keep existing programs well maintained while you build up your capacity to identify and manage emerging issues. If your department is thought of as simply a cost center, when the inevitable business shifts loom, you will surely be in the line of fire.

When corporate restructuring is on the table, take the time to think through your situation and the organizational structure. Then, plan strategies that will eventually get you back to the position of a valued, revenue-enhancing partner of senior management. And look at this as an opportunity to improve your function, build its influence, align it with business goals, and better reduce risk.

If you have questions on how to realign after a structure change, or if you’d like to share your experiences and lessons learned, contact us at contact@secleader.com.

Bob Hayes is Managing Director of the Security Executive Council. He has more than 25 years of experience in security, including eight years as the CSO at Georgia Pacific and nine years as security operations manager at 3M. The Council works with Tier 1 Security Leaders™ to reduce risk and add to corporate profitability in the process. To learn about becoming involved, visit www.securityexecutivecouncil.com/?sourceCode=secmag.

Kathleen Kotwica is executive vice president and chief knowledge strategist for the Security Executive Council. Prior to joining the council, she held a wide range of leadership positions, including information architecture consultant at a New England consulting firm, director of online research at CIO and CSO magazines, and research associate at Children’s Hospital in Boston. The Security Executive Council, a risk mitigation research and services organization for senior security and risk executives from corporations and government agencies responsible for corporate and/or IT security programs. In partnership with its research arm, the Security Leadership Research Institute, the Council is dedicated to developing tools that help lower the cost of security programs, making program development more efficient and establishing security as a recognized value center. Visit https://www.securityexecutivecouncil.com/about/spotlight.html?sid=26499.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.