You’ve gotten the news that you’ll be reporting to a new boss. Whether it’s due to an internal shift or an outside hire, an M&A or a restructure, such news can bring with it a cascade of unknowns.
What will this mean for your function? How much does this new leader know about what you do? Is this a chance to start fresh from a difficult situation, or are you about to lose all the executive influence and rapport you’ve worked for?
Once you’ve had a moment to wrap your head around the news, there are a few things you can do to help ease your transition to new leadership.
First, don’t assume the shift will be inherently good or bad for you and your function. Treat the transition as you would treat any change – do your due diligence. Collect data, analyze potential impact, and decide how to strategize your approach to the new relationship. Part of this process will be to find out what type of leader your new boss is.
Leaders tend to fall into one of three categories when it comes to a relationship with the security function.
Advocate. This is someone whose security goals align with yours and who is prepared to defend you and the security team in conflicts with other management.
Associate. This person can be best be described as a significant customer. Your goals align in some places and not others, and you may disagree sometimes on the details of how to achieve them.
Antagonist. This leader likely does not understand security’s role in the organization and does not believe security to have significant value. He or she may have a mandate that is at odds with your understanding of risk management for the company.
To find out which of these three your new boss is likely to be, begin by doing some thoughtful investigation into why new management is being brought in. Take the perspective of the new management, ask hard questions, and be brutally honest with yourself. Is this person here to better align security with the organization, to turn around a floundering program, to sustain current success? What led the organization to this point?
Next, research the new leader’s career history. Identify the most likely security issues or risks they have faced with previous organizations and prepare to answer questions related to these issues. If the new leader is an internal reassignment, identify the security services they have used. How much have you spent on their previous business group? What experiences have they had in dealing with security? Were they helpful or problematic? Knowing what you can reasonably expect from the relationship will help you understand the risk the transition presents and prioritize the steps you can take to mitigate it.
Regardless of what type of leader this new boss is, however, your best general approach to the transition will be a proactive one. Any new leader will have his or her own agenda, goals, and perspective on security and its role, so some meeting of the minds will always be necessary. Whether you’ll have to defend security’s existence or bring awareness to new opportunities, you’ll do better if you have documentation and data at the ready.
Some useful items to collect or prepare:
- clear and simple documentation and communication of what security does on a day-to-day basis (click here for information on how to create a security storyboard)
- list of successful security initiatives with positive internal customer satisfaction responses
- security strategic plan with key performance indicators (for more on KPIs, click here)
- additional value metrics such as reduced cost of compliance, reduction of security-related incidents, or reduced loss attributable to security technology or staff (for more on value metrics, click here)
- documentation of board-level risk alignment (for more on board-level risk, click here)
Preparation will be easiest if you already have security’s story in place and can back that up with data that confirms the value provided.
Whether your new boss is an advocate, associate, or antagonist, with preparation you can make the transition to new management as smooth and productive as possible.
Answer provided by Bob Hayes, Managing Director, Security Executive Council.