Talent Management

W E L C O M E T O

INCREASINGLY CHALLENGING ENDEAVOR FOR ALL ORGANISATIONS.

REGULATORY DEMANDS AND INCREASING COMPLEXITY

Regulatory demands and increasing complexity have placed steadily growing requirements on the Security & Risk Management Functions and the individuals within it. The rising complexity has not only aggravated the Detection & Control of Risks but also increased the damage in case it materializes.

CURRENT CYBER SECURITY, RISK & CONTROL FUNCTIONS REQUIREMENTS

Current Cyber Security, Risk & Control Functions require not only employees with Technical Skills but also staff who are creative, assertive, and flexible in fast changing business environments. In addition to individual Talent Management, which attracts and develops individuals, collective Talent Management ensures that an appropriate balance of talented people cooperate in the best way to realize effective Security & Risk Management.

REVITALIZING
TALENT-MANAGEMENT
CAPABILITIES IN CYBER
SECURITY, RISK &
CONTROL FUNCTIONS

Addressing the Neglected Priority for a Resilient and Agile Defense

THE GAP IN TALENT-MANAGEMENT CAPABILITIES WITHIN SECURITY, RISK & CONTROL FUNCTIONS

The build-up of Talent-Management Capabilities within Cyber Security, Risk & Control Functions has often struggled to keep pace with the new demands. Despite the growing importance of these functions, there has been a misperception that enterprise value is only generated by the revenue-generating front line, neglecting the contribution of Security & Risk Functions in preventing losses. As a result, there has been a stronger emphasis on Talent-Management Initiatives & Capabilities in frontline departments, while the development of talent in Security, Risk & Control Functions has been overlooked.

REGULATORY DEMANDS AND THE NEGLECT OF STRATEGIC TALENT & PEOPLE AGENDA

Recent Regulatory & Compliance changes have demanded high levels of Senior-Management attention and often shift the focus away from longer-term topics, such as setting an agenda focused on Strategic Talent & People. Hence, strengthening the Talent in the Security, Risk & Control Functions has not been sufficiently in focus in recent years. Consequently, this is now a priority to ensure that Cyber Security, Risk & Control functions can cope with the more challenging and ever-changing environment as well as oversee and challenge the front line.

THE IMPERATIVE OF STRENGTHENING TALENT IN SECURITY, RISK & CONTROL FUNCTIONS

Talent Management within Security & Risk Functions is perceived as an important issue by most companies. However, our findings reveal that in reality only a small minority of companies are close to realizing the ambition to conduct meaningful and effective Talent Programs in their Cyber Security & Risk Functions. Although some Larger Corporates have launched Dedicated Initiatives and started to put Talent Management in the spotlight, many companies are mostly lagging behind recommended practices and selectively have not focused on Talent Management at all in recent years.

ALIGNING WORKFORCE AND PRIORITIZING TALENT DEVELOPMENT IN CYBERSECURITY

Banks and corporates alike need to strategically rethink their People-Management Approach in the Cyber Security & Risk Functions in order to enable sustainable change. For many companies there are several immediate important moves, including the following:

Define Target Requirements on collective Talent Management for the Cyber Security & Risk Function. Individual-Talent-Management Needs can be derived on this basis.
Perform an appropriate diagnostic along Major Talent-Management Dimensions to compare the company’s Talent-Management Capabilities with Industry Best Practices and the Company’s Own Target.
Perform a bottom-up transparency screening of the current workforce to Identify Patterns as well as Talent & Skill Gaps and to compare with Self-Defined Requirements.

HOWEVER, OUR FINDINGS REVEAL

In reality only a small minority of companies are close to realizing the ambition to conduct meaningful and effective Talent Programs in their Cyber Security & Risk Functions. Although some Larger Corporates have launched Dedicated Initiatives and started to put Talent Management in the spotlight, many companies are mostly lagging behind recommended practices and selectively have not focused on Talent Management at all in recent years.

TALENT MANAGEMENT WITHIN SECURITY & RISK FUNCTIONS

AN IMPORTANT ISSUE TO MOST COMPANIES

STRATEGIC TALENT MANAGEMENT INITIATIVES

INDIVIDUAL AND COLLECTIVE

Several widely accepted and applicable Strategic Talent-Management Initiatives need to be embraced by Cyber Security & Risk Functions. The ﬁrst few Initiatives focus primarily on enhancing Individual-Talent-Management Capabilities, while the last Initiative, targets mainly Collective Talent Management.

ATTRACT & RECRUIT TALENTED EMPLOYEES

Across the board companies face challenges sourcing and hiring great Employees. The challenges can be even more pronounced when recruiting Cyber Security & Risk Talent, given the smaller Talent Pool & Employment Options. However, arguably the biggest recruiting challenge is the lack of a truly Compelling Employee Value Proposition for working in the Cyber Security & Risk Management Function. Job Offerings & Compensation Packages are often not tailored to Increasingly Demanding Needs (eg Remote Working, Part-Time, Higher Levels of Benefits), partly due to increasing cost pressures. Moreover, jobs in other areas of the business are often considered to be more prestigious and are often better paid.

TRAIN & DEVELOP EMPLOYEES

Many larger companies have a “corporate university.” However, because of cost cutting, they often lack the required budget and are heavily focused on Communication & Management Skills. Particularly in smaller Cyber Security & Risk Functions, Technical Training is typically conducted by External Providers. Often these trainings cannot address the specific needs of the Security & Risk Management Department and are scaled back to be fairly basic and general. While trainings are perceived as important by nearly all companies, opportunities are often restricted to C-Level or Senior Management or a narrowly defined set of Top Talents, Creating “Winners & Losers,” as has often been cited by many CEO’s.

In contrast, Best-in-Class Companies offer Training Opportunities to a wide range of Security & Risk Professionals. These firms have Developed Comprehensive Training Competencies along the following Key Areas: Leadership Skills, Client-Organisational Behaviour, Connectivity & Links to Business Initiatives. Further, some larger corporates have recently started to collaborate to Launch Strategic Training Initiatives. In multiple Learning Sessions, Employees Receive Training on Functional, Technical, & People Skills and have the opportunity to exchange ideas with Practitioners from other companies.

TURN EMPLOYEES INTO WELL-ROUNDED & CAPABLE LEADERS

The importance of drawing a Clear Vision of Cyber Security & Risk Leaders and defining a systematic process for identifying them emerges gradually within companies. Potential leaders are often identified on a non-systematic basis, depending heavily on the relevant Line Manager. Often the assessment of capabilities is not harmonized at a Divisional Level. Cyber Security & Risk Management role models with a successful track record can often be limited in number;

In contrast, Best-in-Class companies have clearly defined several well-differentiated Security & Risk Focused Career paths, to accommodate for Technical Profiles in Security & Risk Management; the philosophy is that not everyone can be a successful Manager but rather that a top-notch knowledge expert is also key for a well-functioning Cyber Security & Risk Function. A dedicated CISO or Chief Risk Officer at the Board Level can act as a prominent role model to motivate and retain skilled Security & Risk Personnel. As Cross-Divisional Rotational Programs are often difficult to implement in practice, some companies have experimented with instruments such as Shadowing, Dual-Hat Wearing or Short-Term Exchange Programs that mimic to some extent the positive effects of rotation by minimizing the required effort and cost. These programs fulfil the ambition of Security & Risk Management as a genuine Talent Conveyor Belt.

REWARD EMPLOYEES MORE EFFECTIVELY

Across industries, many companies still lack the ability to effectively measure and reward Outstanding performance in the field of Security & Risk Management. Evaluation processes are often complex, time consuming, and, in some cases, perceived as highly subjective. Rewards still rely heavily on Financial Incentives and, in some cases, perceived as “one size fits all,” that is, too vague and not suitable for all Security & Risk Management roles.

Benchmark Practice, however, includes consistent measures across roles that link to impact against Security & Risk Objectives. Appraisals are conducted as multifaceted 360-degree feedback on automated interfaces. Feedback, an integral part of the Key Performance Indicators that are set for Senior Managers, follows a many year perspective. Compensation consists of a variable based on the 360-Degree Feedback as well as individually predefined milestones such as a Specific Key Project to be Completed. In addition, recognition can take the form of Mini-Bonuses, Public Appraisals, or Rewards to allow for instant gratification. Companies using such Innovative Tools have reported very positive experiences at Team or Department Level, since such measures are quick to implement and clearly linked to individual Job Performance.

OTHER MANAGEMENT APPROACHES

DEFINE TARGET REQUIREMENTS

Define Target Requirements on collective Talent Management for the Cyber Security & Risk Function; individual-Talent-Management Needs can be derived on this basis.

MAJOR TALENT DIAGNOSTICS

Perform an appropriate diagnostic along Major Talent-Management Dimensions to compare the company’s Talent-Management Capabilities with Industry Best Practices and the Company’s Own Target.

BOTTOM-UP APPROACH

Perform a bottom-up transparency screening of the current workforce to Identify Patterns as well as Talent & Skill Gaps and to compare with Self-Defined Requirements.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

0161 718 5940

info@secure-recruitment.com

contact

TALENT MANAGEMENT

INCREASINGLY CHALLENGING ENDEAVOR FOR ALL ORGANISATIONS.

REGULATORY DEMANDS AND INCREASING COMPLEXITY

TALENT MANAGEMENT WITHIN SECURITY & RISK FUNCTIONS

STRATEGIC TALENT MANAGEMENT INITIATIVES

ATTRACT & RECRUIT TALENTED EMPLOYEES

TRAIN & DEVELOP EMPLOYEES

TURN EMPLOYEES INTO WELL-ROUNDED & CAPABLE LEADERS

REWARD EMPLOYEES MORE EFFECTIVELY

OTHER MANAGEMENT APPROACHES

GET IN TOUCH

SUBMIT ONLINE QUERIES, APPLICATIONS OR RECRUITMENT ENQUIRIES HERE

Section

Section

Section

info@secure-recruitment.com

0161 718 5940

SUBSCRIBE TO OUR NEWSLETTER

PAGES

EXPERTISE

EXPERTISE

info@secure-recruitment.com

0161 718 5940