There is a knack to achieving security in a global organisation, Stephen Jackman says. CISSP/CISA qualifications help - so does a vision of thinking globally, but acting locally.
The achievement of good security in a global organisation is usually dependent on establishing a common approach to its challenges, but anyone who has worked at a global management level will also understand that you can't sit in a central office creating edicts to be followed around the world. The trick is to get the global team working as one, an exercise in skill as well as organisational development.
Globalisation is a new thing for most firms. They are evolving away from working in operational silos, or ‘stovepipes', as Stephen Jackman, director of security operations, Barclays Capital, calls them. “A decision made locally can have an impact elsewhere in the world: people need to be trained for that.”
The development of international professional certifications, such as the CISSP and CISA, is giving people a common basis of principles. For Jackman, who covers 26 countries, working with regional teams, these only provide a starting point. Citing the simple example of a UK administrator wanting to send a corrupted database to a US-based supplier, he points out that the existence of Europe-wide data means that safe harbour agreements for data protection between the two countries do not apply. “International managers must develop the decision-making capability to anticipate this kind of problem and develop this in local teams,” he says.
Typically, a global company would be managed by high-level objectives, which become the basis for objectives set at regional level and are then cascaded down to local teams.
This structure also provides a framework for a skills-gap analysis that reveals clear opportunities for cross-pollination between teams, preventing “stovepipes of knowledge” from developing. “The challenge requires more than scheduling a weekly conference call. It is about fostering an understanding that different parts of the team can be a resource for – and benefit from – the experience of the others. Once this instinct to work collaboratively develops, recognition of the need to consider issues outside local boundaries comes with it.”
Jackman encourages the pairing of staff from different regions to mentor each other and empowers managers to make decisions outside their national boundaries.
“It is about building up resilience,” he adds. “You are more effective if you have people who have worked together before an incident occurs – rather than waiting until a problem arises.”