BLUEPRINT

A Global Chief Security Officer Defines a Three-Year Security Strategy Roadmap

Challenge

As a torrid, three-year acquisition spree wound down, the executive leaders of this global pharmaceutical giant began to focus on how to address a much wider, global set of risks to its newly expanded portfolio of businesses. “We are a more complex, diversified company today,” the board chairman and former CEO explained in a face-to-face discussion. “And we have a lot of strategic security issues here we need to address in a much more globally integrated way.” He ticked off the priorities on his fingers. “Supply chain integrity. Product diversion and counterfeiting. Workplace violence prevention. Threat assessment. Executive protection.” The list went on.

Action

Our counsel to the CEO was straightforward. “Here’s what we hear you saying,” we said. “You have four immediate priorities. You need a clear understanding about where the greatest risks to your company reside, new security leadership, a global vision and an integrated plan.” Our communications team worked with subject matter experts to complete comprehensive risk, threat and vulnerability assessments of the enterprise’s four most critical facilities. Using the results of these independent reviews – along with input and feedback from the management and functional leaders across the enterprise – we drafted a comprehensive, three-year global security strategy blueprint.

Impact

The client was pleased with the security strategy blueprint. “Feels like we wrote this ourselves,” the CEO said. Core plan components included (1) message-rich letters from the CEO and head of security, (2) an overview of the risks confronting the business and their direct implications for security; (3) a brief current state assessment of the security function, from people and structure to operations and metrics; (4) an end-to-end description of the security program, from mission, objectives and principles to nine core program components and eight primary areas of focus; (5) and the actionable portion of the plan itself, including an org chart, Gannt chart, objectives and milestones by period, a one-page graphic representation of the strategy and a scorecard for all three years. The Global Security leader made minor tweaks to the tactical action plan at the end of the report and authorized publication of 300 printed copies which he passed out to functional leaders and other internal stakeholders throughout the year. Several years later, this client was still using this framework to drive its evolving three-year security strategy. Over the years, we developed six of these security strategy blueprints - one each for companies such as Mars, NBCUniversal and Mylan Pharmaceutical.