This paper examines the role of security management within organizations, tracing its evolution from specialist positions toward broader, management-oriented functions. Drawing on principles outlined by The Security Institute, the paper covers how security managers assess and respond to internal and external threats, collaborate with senior leadership, and balance security measures against available resources and organizational risk tolerance. The paper also addresses the multidisciplinary nature of modern security management, which increasingly encompasses information systems, health and safety, continuity planning, and public relations. Ultimately, the paper argues that effective security management must be integrated across all departments and aligned with an organization's strategic objectives.
Security management is "described in some quarters as a function of risk management" (Bulletin 2, Part 2). Although there is some crossover with public sector security functions, such as policing, security management is generally considered a private sector domain. "Whilst private security has a predominantly commercial basis, it should not be forgotten that it does interact with the public to a considerable degree" (Bulletin 2, Part 2). Security management is closely linked with other roles, and there may be some crossover with risk management. Risk managers typically "need appropriate specialist advice at the corporate level and other managers need to apply risk management principles in their own areas" (Bulletin 4, Part 1). Security managers often play a role in advising senior management and providing guidance to departmental managers.
To define security management properly, it may first be necessary to define security itself. "Most definitions of security (in its largest sense) indicate that it provides protection against loss and identify that loss as existing within a strictly commercial framework" (Bulletin 2, Part 2). Within the general security field, there has been a substantial shift over the past several years away from specialist positions toward "more management-oriented titles" (Bulletin 3, Part 1). As a result, Chief Security Officer has become Security Manager or Security Director. Changes in the marketplace and the operating environment have driven these shifts.
Moreover, the role of private insurance has diminished over the past several years, which has made the role of the security manager more important within any organization. Insurance has become cost-prohibitive or inefficient in dealing with many of the biggest risks and disasters companies face. A security manager mitigates risk by focusing on both prevention and proactive measures to maintain company integrity. Security managers work closely with risk managers, and often the line between the two roles is blurred.
The main day-to-day functions of security managers vary depending on the nature of the organization and the types of risk it faces. Security management in general is a diverse field that can include everything from crime prevention to prison management. It involves managing both external and internal threats and coordinating responses to those threats. Security management also plays a role in responding to damage and disaster. The role applies to any sector — government, private, and public — though the primary definition of security management tends to focus on the corporate sector.
The multidisciplinary nature of security management has enabled industry specialization. There is, for example, a clear and pressing need for information systems security management. "The role of security management has widened in scope to cover areas such as health and safety, IT risks, continuity planning, and facilities management. This trend is likely to continue" (Bulletin 4, Section 7.2). Security management can be concerned with financial, property, and human loss. Furthermore, public relations and communications are increasingly part of security management, as companies need to maintain brand integrity and reputation.
Assessing risk and making appropriate decisions within situational constraints is the core of the security manager's position. "At the tactical operating level, the security manager must assess the level of risk from fire, natural disasters, theft, criminal damage, and industrial espionage, within the context of prevailing social, technical, environmental, and political conditions" (Bulletin 4, Part 7). Any threats to the organization "must be kept constantly under review in order to react quickly to changes" (Bulletin 4, Part 7).
Assessment is one of the foremost roles of the security manager. The manager must therefore be intimately familiar not just with the organization, but with the entire industry and its operational and regulatory climate. A security manager cannot be effective or efficient without knowledge of the kinds of risk the organization might face. Risk and threat assessment require prior knowledge of what to look for and how best to respond. For this reason, security managers work at the corporate level and consult frequently with senior management.
To maximize the value of security management and take full advantage of the position, senior management must consider security as part of the organization's overall strategic objectives. Security management features need to be built into operating procedures and communications strategies, and linked to human resources development. Security management must be integrated with each and every department within an organization if it is to be effective. The security manager cannot perform their role without a consistent flow of information and communication throughout the organization.
"Proportional security spending relative to actual threat levels"
"Managing insider risks and cross-departmental coordination"
"Leadership skills and proactive strategic thinking required"
You’re 49% through this paper. Sign up to read the remaining 3 sections.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.