INSIDER_Jun_Jul10 Iss3_52pp

12/6/10

4:13 PM

Page 29

SECURITY RISK MANAGEMENT

GETTING MORE FOR LESS

By Rod Cowan*.

Coming from an engineering background, Craig Millar, unlike many security managers, has no police or military past. He does, however, have the benefit of university

so on can be cascaded from there downwards. So I think it’s extremely important that that’s pitched at the right level. As an example of how it shouldn’t work, in my

qualifications and working both sides of the fence, so to

opinion, is that the Corporate Security Manager reports to four

speak: on the provider side in sales with Ademco, and State

or five levels down. For that security manager to report

Manager for Group 4; on the buyer side as head of security for

something significant — to have to act fast and immediately —

Rothman’s and most recently in his current position as Head of

the chain of command might be too big. And, therefore, the

Security for Citigroup Australia/NZ, where he is responsible for

message may be watered down. I guess in a non-urgent

all physical security aspects, from manpower to access control

situation, the actual program information may not get to the

to security risk management. Dressed in the standard industry

CEO — the CEO may not be aware of the inherent risks to an

outfit — dark business suit, white shirt and silk tie — Millar is

organisation — and, if they’re not aware, they obviously can’t

quietly spoken and naturally reticent, as he talks about the

provide support. So you certainly can get the best level of

challenges the industry faces and why he thinks it needs to be

support by the security manager and the security program and

a top-level management activity.

the people running it reporting to the highest level possible within an organisation.

Security Insider: Craig, where should security sit within an organisation, and, how important is that placing? Craig Millar: I think that’s one of the most important factors of all, and that is, if security can report to as high a level as

SI: Do you see enough evidence in corporate Australia that organisations have top-level endorsed security strategies? CM: I think in recent years, yes, there’s certainly evidence of

possible, such as the CEO or the CFO or the Chief Operation

that. One of the industry groups that I’m a member of has some

Officer, then that’s an excellent place to get buy-in at a senior

senior members from other organisations, and if you look at the

level. And then the security program or the security systems and

organisation charts, certainly the Corporate Security Manager is continued page 30 >

SECURITY INSIDER JUN/JUL 2010// 29