INSIDER_Jun_Jul10 Iss3_52pp
12/6/10
4:13 PM
Page 29
SECURITY RISK MANAGEMENT
GETTING MORE FOR LESS
By Rod Cowan*.
Coming from an engineering background, Craig Millar, unlike many security managers, has no police or military past. He does, however, have the benefit of university
so on can be cascaded from there downwards. So I think it’s extremely important that that’s pitched at the right level. As an example of how it shouldn’t work, in my
qualifications and working both sides of the fence, so to
opinion, is that the Corporate Security Manager reports to four
speak: on the provider side in sales with Ademco, and State
or five levels down. For that security manager to report
Manager for Group 4; on the buyer side as head of security for
something significant — to have to act fast and immediately —
Rothman’s and most recently in his current position as Head of
the chain of command might be too big. And, therefore, the
Security for Citigroup Australia/NZ, where he is responsible for
message may be watered down. I guess in a non-urgent
all physical security aspects, from manpower to access control
situation, the actual program information may not get to the
to security risk management. Dressed in the standard industry
CEO — the CEO may not be aware of the inherent risks to an
outfit — dark business suit, white shirt and silk tie — Millar is
organisation — and, if they’re not aware, they obviously can’t
quietly spoken and naturally reticent, as he talks about the
provide support. So you certainly can get the best level of
challenges the industry faces and why he thinks it needs to be
support by the security manager and the security program and
a top-level management activity.
the people running it reporting to the highest level possible within an organisation.
Security Insider: Craig, where should security sit within an organisation, and, how important is that placing? Craig Millar: I think that’s one of the most important factors of all, and that is, if security can report to as high a level as
SI: Do you see enough evidence in corporate Australia that organisations have top-level endorsed security strategies? CM: I think in recent years, yes, there’s certainly evidence of
possible, such as the CEO or the CFO or the Chief Operation
that. One of the industry groups that I’m a member of has some
Officer, then that’s an excellent place to get buy-in at a senior
senior members from other organisations, and if you look at the
level. And then the security program or the security systems and
organisation charts, certainly the Corporate Security Manager is continued page 30 >
SECURITY INSIDER JUN/JUL 2010// 29