Natalie Runyon gives advice for breaking down the security and risk silos in your organization for a more collaborative enterprise risk management approach.

How do you handle understanding the enterprise risks in a corporation where all of the risk management functions are dispersed across different lines of management — General Counsel, Finance, Technology, Facilities? How do you define the participating functions? Yes, the ideal situation is having these groups housed under a Chief Risk Officer or Head of Operational Risk, but in the absence of organization structural shifts, here are some tips for you.

Be a leader in bilateral conversations of risk partners

The most successful global security teams that I have been a part of were always leaders in collaboration and outreach to risk partners to pave the way for information sharing. Yes, there was the risk of the information flow being one way, and this is usually the case at the beginning, but as the interaction continues over time, the information flow gradually becomes two ways. For example, you may start with a monthly global meeting with Facilities and Business Continuity and a quarterly meeting with Information Security and Compliance.

Conduct joint awareness programs

As part of your “doing-more-with-less” strategy, look for opportunities to work together on joint awareness programs. For example, most employees at a company don’t separate physical security from information security; security is security. Therefore, jointly working on a security awareness program oftentimes leads to greater points of collaboration. Start with the new hire orientation. Also, participating in a wider program for annual compliance training is an easy win.

Capitalize on the success of low-hanging fruit

Reach out to the heads of risk management functions to ascertain interest in participating in an informal working group to share information and priorities on a quarterly basis.
Gain buy-in from one other risk partner and approach the other heads of the risk management organization as one voice. Establish ground rules of participation around confidentiality. Survey the heads of the functions on the gaps or threats they are most concerned with. Taking a lead in this space will solidify you as a leader and influencer in the group. Over time, the group will be persuaded of the benefits of formalizing it around an enterprise risk management program.

Establish a joint threat heat map

Start with the head of your information security team to discuss the creation of a joint threat heat map and its benefits for submission to the board of directors. The threat environment is only getting more complex — data loss, workplace violence, APT, natural disasters, data breach, civil unrest, supply chain, terrorism, facility impact, etc. Plotting them on a likelihood and impact matrix enables you to show the prioritization of threats. Once it exists, it is an easy way to bring in other risk partners to add their view of integrated threats because the interaction is focused on a work product.

Benchmark with peer companies to collect best practices

Understanding what your counterparts are doing is an influencer and can be a compelling piece of information to garner support for cross-functional collaboration in an enterprise risk program, not only from participants but also from senior sponsors.

Once support for the cross-functional group is built, gather the participants to create a purpose, charter, scope, rules of engagement and objectives. That way, it is completely transparent why the group exists and what it has set out to do. These foundation documents should be available in an electronic format to every participant.

Greater collaboration has been an uphill battle in an industry with a historical reputation of being the group of “no.” More global security leaders initiating increased partnerships will help erode this old belief while serving our internal customers more effectively.

Natalie Runyon is the Director of Security of the Americas at Thomson Reuters, a security leadership expert and a women’s leadership strategist based in New York City.