03salary.

qxd

29/02/2008

11:02

Page 39

C o r p o r a t e S e c u r i t y S a l a r y S u r v e y 2 0 0 8|

Money talks
SSR Personnel Services Corporate Security Salary Survey results for 2008 are based on questionnaire responses submitted by over 3,000 practising senior managers. What are the current benchmarks for remuneration, then? Peter French examines the very latest trends in tandem with forthcoming sector challenges. Illustrations courtesy of SSR Personnel Services
THE 2008 CORPORATE SECURITY SALARY Survey commissioned and published by SSR Personnel Services quizzed 3,000-plus senior managers operational in the security sector across Europe, attempting to understand their core skills and responsibilities and, ultimately, provide a reliable benchmark for remuneration. Key managers were also interviewed to elicit their views on forthcoming organisational and sector challenges. When looking at the results (see figures 1-6 on page 40), its worth bearing in mind there has to be a margin for localised enhancement in remuneration packages for those individuals located in capital cities due to accommodation situations and taxes, etc. In addition, at the Chief Security Officers (CSO) level, there still appears to be a broad anomaly in terms of responsibility and impact from one corporation to another. Capabilities have to be defined initially through geographical location. Many CSOs (or heads of security) havent been exposed to international cross-border issues, although they are responsible for billion Euro corporations. With corporations acquiring other businesses, such secluded CSOs are rapidly exposed through language inadequacies and technical capability when siloed for too long. This opens up greater opportunities for capable business managers who understand large corporation thinking and appreciate that security adds value to the organisation. Directors suggesting that over 82% of senior managers are working more than 50 hours per week, and 34% over 60 hours. While theres a thirst for understanding convergence by those in physical security, information security management has been driven by business-savvy professionals whove capitalised on the paranoia in many Boardrooms for integration more forcefully than their colleagues from digital security. Should this be considered perverse? When physical security management is a major part if not the owner of the enterprise recovery strategy, it has an overriding need to hold its ground (or prove its worth) in the Boardroom. Convergence is about cost reduction: one party or the other has proven their worth to a greater degree. Information security management relies on exterior threats to facilitate the continual improvement of defences and be privy to increased spending. At the same time, poor procedural policies for Data Protection rather than any maliciousness or organised crime damages a corporations reputation and profitability. Of late, a number of large fines have been imposed for poor procedural practices. Many corporations have attempted to correct the imbalance through lower basic salaries and higher performance bonuses, but the geopolitical situation coupled with an increasing corporate appetite for risk management demands higher social skills from service professionals. At present, theres a demand for midmanagement graduates. That demand will increase with the burgeoning financial strength of the region, lead of course by the United Arab Emirates.

Whose job is it anyway?

In whole sectors of commerce be it through treasury, hedging or future trading individuals can place an organisation at risk. Perhaps the Audit Department would say that its in charge of processes, while the Compliance Section would argue that it looks after regulatory issues. The CSO should be at the core of an enterprises risk management function, with reputation, brand integrity, ethics and corporate social responsibility all persistent issues for their in-tray. With business resumption, you have to ensure transparency and accessibility for those who contribute to recoverability. Does this sound like the job profile for a CSO? Certainly, international communication and influencing skills are at a premium in todays world. Every CSO has that monthly or quarterly presentation to make to the Executive Board. Security will remain on the Boardroom agenda if the message is clear, precise and delivered in the language of business. Last years return on investment was 30% double the rate of return to most trading sectors of an organisation. Coupled with this years 10% cost reductions (or cost realignment) required by most global concerns, it looks very much like 2008 is going to be a savage year. However, as one CSO recently reminded me with expert timing: Keeping it simple and understandable is a most underrated skill. I I Peter French CPP FSyI is managing director of SSR Personnel Services (www.ssr-personnel.com) and Master of The Company of Security Professionals

Standing still? Not an option!

On average, the Chief Information Security Officers (CISO) position will be recruited every three-to-five years. Theres a consistent benchmarking of skills and remuneration in the open market that occurs with this kind of attrition. In the mid-executive position around the function of security (physical, investigations, due diligence, etc) theres a similar attrition or job realignment rate (SSR Personnel Services, 2007) which enables companies to keep pace with current salaries. Having managed a number of such assessments, there appears to be an averaged salary re-inflation of up to 15% when positions are subject to open market review.

Remuneration on the rise?

On the whole, the Independent Review Survey states that executive remuneration has risen by 6% in the past 12 months. Many security professionals working in the financial sector have had mixed fortunes for most senior managers, bonuses paid in 2007 were broadly in line with the past two years. A small number of executive managers can receive up to 100% of their basic salary in bonuses, although according to PriceWaterhouseCoopers the majority of awards are anything up to the 25% mark. Those managers who are multi-skilled and have developed valued services for their businesses could have expected pay reviews in 2008 of somewhere in the region of 15%. The long hours culture remains, with the Institute of

Middle East: an employment hotspot

The Middle East continues to attract premium remunerations for security professionals, mainly because of a lack of whats deemed to be suitable accommodation. In the past two years, housing allowances have trebled in a bid to offset this perception.

March 2008 www.info4security.com

39

03salary.qxd

29/02/2008

11:02

Page 40

| Corporate

Security Salary Survey 2008

On average, the Chief Information Security Officers (CISO) position will be recruited every three-to-five years. Theres a consistent benchmarking of skills and remuneration in the open market that occurs with this kind of attrition
Figure 1: Salaries of Chief Security Officers (CSOs)/International Chief Security Officers Responsible for policy and Executive Board level briefings. For global companies, its not unusual to find a CSO employed at headquarters with another international CSO reporting directly to overseas or affiliate Boards of Directors. These individuals will be a driver for change and service expansion. The current year will call for strategic corporate alliances. Budget responsibility: 30 million-plus per annum Figure 2: Salaries of Heads of Security, EMEA Region Tasked with regional policy development, executive reporting (promulgating corporate policy) and an overview of physical and intellectual property protection. There will also be a requirement to test corporate resilience and co-ordinate disaster response across various functions. Increasing in value due to their language skills and devolved operation. Budget responsibility: 10 million-30 million per annum

% of Respondents

Figure 3: Salaries for European Heads of Security Responsible for regional reporting, policy implementation and promulgating corporate policy in general. Also in charge of physical and information security. Required to implement corporate resilience and recoverability strategies. A broad range of remunerations categorises this group, with salaries increasing by up to 15% per annum. There are key skills gaps between demand and the candidates applying. Budget responsibility: 5 million-10 million

Figure 4: Salaries for National Heads of Security Responsible for all physical aspects of corporate security and maintaining standards across an estate. Increasingly involved with Health and Safety functions. In view of the Corporate Manslaughter legislation enforced from next month, this will be the position which takes the strategic (rather than tactical) security role forward in developing corporate awareness across the company. Budget responsibility: 2 million-10 million

Figure 5: Salaries for senior investigators More than one country reporting is the norm. Responsibility across all security breaches, due diligence, product diversion, counterfeit intelligence and the auditing of functions within the corporation as a whole. Table-top exercises in corporate recovery will be managed and developed through this individual as part of the defined supplier chain. Across the SSR Personnel Services survey, salaries appear to have increased by an average of 6% during the past twelve months.

% of Respondents

Figure 6: Salaries for Main Headquarters Site Security Managers Directly in charge of physical assets and information protection, local Health and Safety policy development and implementation. Probably a direct employee, but increasingly outsourced to a management team provider. A key position in 2008 in terms of achieving cost realignment and integrating technology while improving security awareness through employee representation. Budget responsibility: 2 million-5 million plus

% of Respondents

% of Respondents

% of Respondents

% of Respondents

40

www.info4security.com March 2008