Professional Monitor: In association with (ISC)2

Opinion

The HR department can play a valuable role in recruiting information security staff, says Alessandro Moretti

The HR department can play a valuable role in recruiting information security staff, says Alessandro Moretti.

As the role of information security teams finally gains recognition, hiring managers face a major challenge in ensuring the right mix of talent for their organisation.

Alessandro Moretti, executive director for IT security risk management at UBS Investment Bank, uses the skills available within the bank's human resources department and combines them with his own sense of judgement. He says his relationship with HR has helped make the hiring process more efficient.

Moretti's team of 25 is spread across several global UBS offices, with roles covering developers, administrators, risk analysts, architects and team managers. It is company policy for all permanent positions to be a joint hiring decision between HR and line management, while contract positions - which make up 40 per cent of the team - can be recruited without HR approval. Moretti has turned to HR for both, building a relationship with the recruitment professionals that allows them to understand and anticipate the market for the breadth of talent the bank requires.

"My objective has been to work with HR to develop a mutual understanding of the type of team I operate," says Moretti. "This goes beyond the specific skills to include an appreciation of the diverse employment opportunity in the department. HR is then in a position to understand the objective of a particular post as the need arises."

All job specifications are defined by Moretti. The recruiter then applies expertise in identifying the qualities required to deal with the pace, stress-level, and particular challenges for practitioners. A recruiter will track relevant qualifications and market value of skills and qualities that will be required by the business line. This knowledge serves to both anticipate and counteract claims of skills shortages, allowing an accurate forecast for staff budgeting.

"The value we have received is directly linked to the strong relationship we have built with HR," says Moretti. "I used to rely solely on my direct contact with the professional community for recruitment. Now I have a broader perspective for attracting the right candidates."

VIEW POINT

Does HR help recruitment?

- Do you receive value from HR?

NO: 2,112

YES: 1,797

- Do you involve HR in the hiring process?

NO: 1,988

YES: 1,921

- Who is responsible for the hiring decision?

HR: 197

Business Line: 1,734

- Nearly 4,000 information security professionals across the globe told us whether they felt they gained any value from their corporate human resources department. More than 50 per cent said "No", while around half of HR managers share the responsibility for hiring.

"HR seems to be seen as a necessary evil in many information security organisations," said John Colley, managing director, EMEA, at (ISC)2. "We should be finding ways of working more effectively and closer with HR, just as we are now doing with the business."

CPE CORNER

- EVENTS TO BOOST YOUR SKILLS

Regional expansion for ISSA in UK

13 Dec 2007

The ISSA UK chapter's next meeting will be at Deloittes, 180 The Strand in London at 5.30pm. ISSA members can register at events@issa-uk.org. Those interested in a free 90-day trial membership can sign up at www.issa.org/Join/Join-Online.html, and then register for the meeting.

- (ISC)2 EVENTS FREE TO MEMBERS

Emerging Threats Conference

4 March 2008

Kensington Town Hall, Hornton Street, London, W8 7NX.

Topics include malware campaigns, social engineering and a panel on quality standards for security software and services. With Chris Simpson, secretary to the ACPO E-crime working group of the Metropolitan Police. Free to (ISC)2 members, £349 for non-members.

- (ISC)2 online e-Symposia

Available exclusively to (ISC) members, this series features half-day online conferences focused on a current subject. Each conference is archived for 72 hours after the event. For more information and the current schedule go to www.isc2.e-symposium.com.

- For more information about any of the articles on this column, email Lyndsay Turley at lturley@isc2.org or visit www.isc2.org.

Topics:

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events