To overcome any perceived or real impediments to an effective security risk management process, those interviewed rely on their management skills rather than their security knowledge. Qualities such as flexibility, diplomacy, and persistence as well as the ability to conceptualize, delegate, build relationships, and deal with ambiguity are essential to an enterprise security risk management leader.
Security professionals credit courses on leadership, training on enterprise risk management, and advanced degrees in business as indispensable when polishing executive skills. Developing a thorough understanding of the enterprise’s business objectives and participating in its strategic plans are also essential.
Reaching out to coworkers is important as well. John Petruzzi, CPP, managing director of ERM at Andrews International, a firm that specializes in security and risk mitigation, advocates “simple networking 101.” That includes having lunch with counterparts and conversations with senior leaders.
“While they might not be able to tell you how your job will change in five years, they probably can tell you how theirs will,” he says.
Communicating effectively is high on everyone’s list of essential business skills. To Weir, communication means “having two ears and one mouth…being a better listener than talker.”
Making conversations relevant to the audience and speaking confidently in nontechnical terms are other components of effective communication. Petruzzi says that security professionals should know at least five processes that they are measuring monthly and “be able to articulate them in the two-minute elevator talk.”
Boni notes that “people will be a lot more supportive if they understand how your plan is going to benefit them directly.” And that support is the key to accomplishing the ESRM mission.
Mary Alice Davidson heads a publishing consultancy in Spartanburg, South Carolina. She is the former publisher and editor-in-chief of Security Management.
@ Some graphics illustrating aspects of ESRM models used by those interviewed for this article are attached below.