Building relationships in the security and risk suite and why it matters
by Mel Migrino, VP and Group CISO, MERALCO Group; Chairperson and President of Women in Security Alliance Philippines
Looking back on my first leadership role in security and risk, I was young and lacked experience in managing a complex workplace. I simply focused on what I do best and ensured that my team was equipped to identify and treat security risks. I thought that would be sufficient to enable me to thrive as a leader.
At the end of the day I thought I was running an independent team where callouts are made regardless of whether or not teams follow. In this challenging time where we juggle the demands of IT and risk management, there are teams that view risk through a different lens, perhaps deprioritising security initiatives by adopting a ‘wait and see’ mindset, leading to potential significant risk exposure.
Change is unavoidable. The network we are accustomed to protecting is no longer fixed; it has extended outside the perimeter defences, bringing more valuable services and a better experience to end users. Many organisations will need to adopt agile and continuous delivery business models to bring value in this era of innovation and transformation. This brings significant new challenges as well as opportunities for security and risk leaders.
Security and risk teams need to adapt to the rapidly evolving digital organisation, which means they need to develop a partnership approach to the development of policies and standards. They need to show technology teams they are part of a collaborative group that is ready to listen and provide workable solutions to ensure the protection of assets. The security and risk leader needs to be working in a hyper-collaborative mode with other business leaders to ensure the security and reliability of products and services.
Hence it is paramount to understand the desired outcomes of an effective security and risk leader.
1. A C-suite influencer. Security and risk leaders regularly interact not only with the IT leaders but with the other business leaders and executives in the organisation to ensure they are aware of how security can help support business objectives.
Among these leaders are the chief finance officer, chief data officer, heads of marketing and sales, product, and even executives of third parties providing products and services to the organisation.
Such interaction is essential to enable security and risk leaders to keep up with rapidly changing demands.
2. A risk manager with a futuristic view. Security leaders position risk management at the heart of business processes and technology implementation.
Information risk management is treated as an accelerator to drive better digital changes in business operations.
Security leaders look at AI and threat intelligence as tools to identify, correlate and mitigate risks that affect core assets.
3. A leader who focuses on talent strategy and development. One of the key challenges for security and risk leaders is recruiting and retaining the right talent. With the huge demand on security and risk across the globe, it is difficult to keep high performers for a long time. A reward and recognition plan developed with the compensation and benefits team should be rolled out and effectively communicated. In addition, a well-documented succession plan for the executive leader should be in place to ensure the overall security and risk strategy remains intact despite unforeseen challenges. Talent strategy should focus on upskilling security and risk resources, considering resources with an interest in these areas for training and guidance, and developing a succession plan for security and risk leaders at all levels and in all domains.
4. A leader who can balance a stressful work environment and personal endeavours. Fatigue is real, but security and risk leaders should be able to define boundaries between working and nonworking hours. They should be able to identify their responsibilities from the onset of their work and regularly evaluate whether the initiatives they are involved in are within the scope of their role.
Demonstrating effectiveness is crucial, but there is also no exact formula for this. Leaders need understanding and the ability to balance priorities to influence others and get the job done.
Security and risk leaders must leverage their personal strengths if they are to be effective in their roles, which continue to expand as organisations become increasingly digital. Their roles are moving into uncharted territory; thus they must focus on the things they can control and employ the right set of resources to plan for uncertainties. Security and risk leaders who can blend these behaviours over time will be highly effective.