Security Succession Planning for CSOs

You have been with your current organization for more than 10 years leading the corporate security function, having conceived and built the program, hired staff around the world and integrated the department to being a trusted advisor to senior management. Since this is your second career, you are now reaching a point that you would like to retire and pursue other passions and personal interests. After sitting down and discussing this with your boss, you realize that he or she and the management team are concerned about the lack of a succession plan for your replacement. Their position is: While your second level staff is very good operationally, they are not under serious consideration for your role, and HR will be looking outside the company for your replacement.

This scenario is something that we see quite often within the security community, at all levels, not just the senior security role. Some of the indicators that no one on your staff is a likely successor are:

There is a significant difference between your base compensation of your direct reports. We have seen gaps of more than $50,000, in which case it is unlikely that they will be viewed as being at the same management level. Also, be aware that most organizations will not increase a salary in conjunction with a promotion by more than 10-15 percent, except in the most extraordinary circumstances that require special leveling. Further, do you really want to be responsible for downgrading your role? This will send the wrong signal throughout the organization as to the importance of the position and may well result in downgrading the reporting structure.
While you have done an excellent job in identifying and hiring staff to perform a wide range of tactical activities in the security risk portfolio, you have not implemented a career development plan that allows for improvement of their soft skills, cross-functional development beyond security-related activities or providing opportunities to operate strategically with key leaders and managers.
You have not documented all aspects of your function and do not have well-developed job descriptions that can be used to identify those soft and professional skills needed to advance. Without these, how are you going to execute individual development plans? Keep in mind that these should be modeled along the same methodology used in the rest of the organization.
Allow and encourage your team to take on assignments (even if temporarily) outside the function and even outside the regions or countries they are assigned. A number of senior security executives hired by leading companies in the last 10 years have during their careers sought out and have taken on roles well outside their comfort zone so as to better understand their organization’s business drivers and build lasting relationships. This gave them a competitive advantage against those candidates who did not, and they were able to better connect with the executives on the interview teams.
Your team members have not developed relationships with your organization’s key and emerging management team beyond interacting with them on security problems.
You have not given your team members accountability for high-profile, high-impact projects to improve their credibility and visibility with the leadership team. Do you bring any of your direct reports to meetings with your boss and other senior leadership and encourage participation? If you are not comfortable with this, why would you think management would consider them as having potential as your successor?
Have you engaged in discussions with your boss and the HR manager responsible for organizational development concerning the irrational, political and emotional dynamics of succession planning and evaluation of future potential within your company?
There is only one person in your function who you feel is an appropriate successor, and you do not have not backup plan. What do you think will happen if that person advances their career outside and takes a CSO role for another company with a great compensation package?

These handful of indicators can be used as a starting point for your career development and succession planning initiatives. Being aware of the commonly observed pitfalls can help you maximize the effectiveness of your program and will be beneficial in ensuring you have a talent pipeline strategy aligned with your organization for not only your role, but also it can be used to view the needs of your entire function to assist with its future success within your company.

Jerry Brennan is co-founder and Chief Executive of the Security Management Resources Group of Companies (www.smrgroup.com), the leading global executive search practice focused exclusively on corporate and information security positions.

Lynn Mattice is Managing Director of Mattice & Associates, a top-tier management consulting firm focused primarily at assisting enterprises with ERM, cyber, intelligence, security and information asset protection programs. He can be reached at: matticeandassociates@gmail.com

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.