Jim Hutton, Director of Global Security
Staying in Touch Globally
The Procter & Gamble Company (P&G) has reached the five-year milestone of its acquisition of Gillette, and with it the addition of Jim Hutton, director for global security. P&G rings in at $78.9 billion in annual sales with a large line-up of leading brands. Yet this complex, global organization has created a unique and powerful platform to deliver a security culture for employees and other stakeholders.
When discussing how P&G’s security team reports into Human Resources, Hutton states, “HR is the perfect home for security at P&G. Working within HR, we are able to see how things get done. HR has the best wingspan to reach our employees, customers and business partners.”
As a component of the overall HR mission to serve 127,000 employees, P&G security is able to manage expectations from HR and set clear strategy to get the job done. For example, HR focuses on global travel requirements and leverages security for travel advisories, creating seamless support to employees, globally.
“There are clear guidelines that all employees follow and this is led by our Ethics and Compliance group,” Hutton adds. “We have Incident Response Guidelines and a Worldwide Business Conduct Manual that are rooted in P&G’s ‘Purpose-Values-Principles.’ These two manuals enable all employees to understand company expectations. Having all employees follow the same guidelines enables security to manage scale and create transparency at this big organization. We rally around: ‘Do the right thing.’”
As P&G approaches the fifth year since acquiring Gillette, it has blended both organizations’ best practices. “The challenge is to make a choice on best practices that is scalable to all of P&G,” says Hutton. “We have received great support across the enterprise to install best practices in areas like freight loss, brand protection and achieving case closure.” P&G uses metrics and ROI to measure the value of these processes. “Our first post-merger program was to focus on the loss of finished goods in transit,” he says. “With P&G shipping more, and organized crime becoming increasingly aggressive, we needed to get products to our customers on time and meet on-shelf availability. We went well beyond traditional shipping security and saved millions in product losses. The ROI is so strong and measurable that the Product Supply Organization funds the program out of the money saved.”
Another outcome of the Gillette acquisition was its focus on resilience, particularly after the 9/11 and Katrina incidents. “We realized that there was an opportunity to develop a good crisis management strategy that incorporated emergency management, business continuity and disaster recovery,” explains Hutton. P&G adopted a simplified decision making model that worked with both external relationship leaders and internal leaders within security.
In conjunction with the simplified decision making model, P&G’s security utilizes technology. Instant messaging and crisis contact management on a global scale enables both fast awareness and action. “Our mantra is ‘touching and improving lives’ and this year our Job 1 is to better leverage our ability to manage crises,” he says. “Our employees know that they are cared for and valuable to us, and there are systems and processes in place to help them,” he says.
When asked about the profession’s biggest challenges, Hutton notes that those challenges have been addressed within P&G, “Making good macro-level decisions is a very dynamic environment is difficult. Organizations achieve that with great staff development, education and training. You don’t just arrive there; you have to work at it every day.” P&G security has invested in their people with education, experiential learning and involvement in business activities and other field work so they can understand and learn. “We have four young people in security getting their MBAs,” he says.
Hutton notes the best part of the job is that there is something different each day, “The external environment is always different and P&G is very dynamic. I enjoy developing and managing our staff quite a bit and watching people grow in the company.” Prior to joining Gillette, Hutton worked at the U.S. Department of State’s Bureau of Diplomatic Security for ten years.
Personally, he has been married for 27 years, has two sons and is an avid kayaker.
Security
X Brand/Product Protection
X Business Continuity
X Corporate Security
_ Cyber Security
X Disaster Recovery
_ Drug and Alcohol Testing
X Emergency Management
X Executive/Personnel Protection
X Insurance
X Intellectual Property
X Investigations
X IT Security
X Physical Security
X Regulatory Compliance
X Supply Chain
_ Other
Security Scorecard
Annual
Revenue: $80,000,000,000
Employees: 127,000
2011 Critical Issues: • Business Continuity
• Crisis Management
• Brand Protection
Richard Gunthner, Vice President of Global Corporate Security
Total Risk Management and ROI: It’s Priceless
MasterCard has seen dramatic change in the past several years, including over time, shifting from a private association owned by banks to a NYSE-listed, public company. This evolution and the advent of shareholders and other stakeholders drove an overall new meaning for risk management and the company’s security vision.
“Security is truly part of the overall company,” says Richard Gunthner, MasterCard’s vice president of global corporate security. After the IPO, MasterCard’s then CEO decided security was critically important, needed to report to an executive committee member and that the lead security executive required a window into the company strategy – being aligned with the company’s goals and objectives would be critical to be effective.
At the same time, it was recognized that the executive committee required a strong lens to view and understand risk for its global organization. As a result, Gunthner serves as senior advisor to the executive committee in all matters pertaining to physical security. “We work to earn credibility and respect across the organization every day,” shares Gunthner. Looking at MasterCard’s global security program, the reasons for success are clear.
“We take a strategic view and stay focused on several key areas,” he shares. “First, as a global company that serves 210 countries, everything we do is guided by a risk-based approach. Second, what we do must be aligned with the company’s objectives and add value. Third, we are very customer and technology focused as an organization, so we map security into that platform. MasterCard, by the nature of its business, requires us to deliver security in a customer friendly way and to leverage technology to achieve our objectives. Fourth, our programs, as much as possible, need to be transparent.”
MasterCard’s security organization mostly works behind the scenes and purposely stays invisible. “Our focus is to keep people from harm’s way by preventing an event from impacting our business,” he says. “This takes a careful and thoughtful approach versus an emotional reaction to an event, and it’s our job to differentiate between the many shades of gray.” At the heart of this strategy is a sizeable investment in analysis to predict future events. “Relying on our analysts from a combination of proprietary MasterCard analytics, purchased information services and algorithms, we are able to identify risks and prevent events from impacting our people,” he says.
MasterCard prides itself on being well prepared to respond to any situation. “Our goal is to enable the business to operate and for our people to function effectively. But effectiveness requires that they can also function safely. I am very conscious that we are a global company and that to advance commerce so that everyone, everywhere can participate, we must take increased risks in new geographies. That increases security’s role to manage those risks and enabling, not slowing business,” explains Gunthner.
Among the key risk management discussions is how the powerful MasterCard brand might be impacted by a security issue or threat against the company or its people. “Our customers are our employees, visitors and guests and we work to get their feedback on security and risk issues,” says Gunthner.
MasterCard has launched many technology-based initiatives with a concern that a “big brother” response might occur. But the feedback has been just the opposite. “Our stakeholders like and support the mechanisms we have put in place, especially that a contact and a resource exist. Whether a simple flight delay notification or a more significant risk issue is in play, the response is overwhelmingly positive and appreciative. We offer many resources to our stakeholders including security briefings, cultural information such as whether local law enforcement in a specific area is reliable and airline safety ratings. We work to better prepare our customers how to avoid incidents. The informal feedback is very positive and rewarding,” says Gunthner.
MasterCard measures the value of security in three ways. Any program or investment:
1. Must maintain or increase the current level of security.
2. Must be either transparent or semi-transparent and not overly burdensome to the customer.
3. Must use a risk-based approach versus painting with a broad brush so that the biggest risks are managed without limiting business across the board.
Among the biggest changes impacting risk management and physical security in addition to becoming a public company are new technologies and the naming of its new CEO.
“New technologies allow us to drive more security and safety initiatives that reduce risks with equal or less resources. Mr. Ajay Banga became CEO on July 1, 2010 replacing Robert Selander, who will retire at the end of the year. Mr. Banga has new ideas, great energy and a true global perspective. Having his continued buy-in is critically important for security and something we work hard to earn and retain,” shares Gunthner.
Looking at our profession, Gunthner addresses the industry’s challenges. “We have to stay relevant by changing as the expectations for security change. And we need to add value to the business by constantly improving and enabling business to get done. That only happens with innovative thinking outside the traditional security box. Security leaders need to always focus on saying, ‘Yes.’”
Noting that complacency is very dangerous, Gunthner enjoys that every day is different and that the security role keeps his job fresh and interesting. He finds MasterCard’s global nature fun and exciting, and that engaging with new technologies, analysis tools and understanding risk to improve security is invigorating.
A commercial pilot by training who held senior management positions at American Airlines prior to joining MasterCard, he is married with two children. He enjoys renovation projects and beach vacations.
Security
X Brand/Product Protection
X Business Continuity
X Corporate Security
_ Cyber Security
X Disaster Recovery
_ Drug and Alcohol Testing
X Emergency Management
X Executive/Personnel Protection
_ Insurance
X Intellectual Property
X Investigations
_ IT Security
X Physical Security
X Regulatory Compliance
X Supply Chain
_ Other
Security Scorecard
Revenue: $5.1 billion
Employees: 5,100
Critical Issues: • Cyber Crime
Technology
• Budget/EfficieJeff Ward, Chief of the San Antonio, Tex., Independent School District Police Department
The S’s: Smart, Safe & Secure
The
management.
“Creating a secure and safe learning environment for the students to be as successful as possible is Job 1,” says Chief Ward. Using a traditional law enforcement model, including the chain of command for supervisory issues in an educational setting, though has nuances. “We have a good lens on students who are serious or repeat offenders of the law versus. those that may get into trouble with minor pranks or poor judgment. And we treat those activities appropriately,” he says.
The San Antonio ISD includes 96 facilities that serve more than 55,000 students from pre-Kindergarten through 12th grade high school. Currently, the district is voting on a major bond that includes $43 million for a district-wide security investment. The bond’s approval with a focus on security technology will enable Chief Ward to provide a more constant and consistent level of security and safety. “It is a challenge to find the time to maintain focus on our roles and keep our existing technology up to date. The passing of the bond will greatly support our security goals,” says Chief Ward.
While addressing legal violations by students are the most frequent law enforcement activity, there is a significant strategic plan for business continuity and emergency management. “The one thing that keeps me up at night is the possibility of an organized attack on one of my schools. If the initial attack is successful, then we have failed. We train and prepare to have the best possible people, policies and technology in place to give us awareness of possible events and to respond effectively,” says Chief Ward.
Among the challenges, he says, is the ninth anniversary of the 9/11 attacks and the Columbine massacre in April 1999 – they are no longer prevalent memories. “Keeping the employees, teachers and community focused on security and at a relatively high level of awareness is our greatest challenge. As time passes without an event, people relax and that increases our risk. People tend to forget that these events can happen anytime, anywhere. We need the eyes and ears of the community to be attentive and communicate with us so we can be proactive and effective,” explains Chief Ward.
The San Antonio ISD has also employed new technology to assist in its mission, and it has seen positive economic results. “We installed an access control system with video to prevent people who should not be in our facilities from entering,” Chief Ward says. “That has reduced key control costs and added real value to our investigations as well as our monitoring program. It allows our force to be more productive without adding officers.”
Chief Ward is particularly proud of the San Antonio ISD police force. “I have a great staff,” he says. “They are true professionals and they really take care of their customers including the students, employees, property and even me. They bring a diverse perspective to our decision making process, and that is very valuable.”
His hobbies, other than wordworking, are strongly tied to his profession. He is a Special Deputy U.S. Marshall and a member of the Lone Star Fugitive Task Force. And he is an active volunteer who has donated his time and energy to Texas Municipal Police Association and the Texas Association of School District Police, of which he is a past president.
Among his ambitious goals for the San Antonio ISD is to “leave the district better than he found it” and there is no doubt that he will do so.
Security
_ Brand/Product Protection
X Business Continuity
X Corporate Security
_ Cyber Security
X Disaster Recovery
_ Drug and Alcohol Testing
X Emergency Management
X Executive/Personnel Protection
_ Insurance
_ Intellectual Property
X Investigations
_ IT Security
X Physical Security
_ Regulatory Compliance
_ Supply Chain
X Other: Law Enforcement
Security Scorecard
Annual
Budget: $517,327,000
Students: 55,000
2011 Critical Issues: • Technology
• Implementing Access Control
• Training
Maria Chadwick, Director of Surveillance, Wynn/Encore
Securing the Brand
Ensuring that
business is conducted honestly and that the company and its guests are
protected defines Maria Chadwick and her staff’s role at Wynn Las Vegas. “Our
job is to protect the integrity of the company and its gaming assets. That is
the core of Wynn’s
Casino surveillance is unique due to its adherence to gaming regulation requirements. The surveillance department is responsible for monitoring the guest and employee activities for all of the casino games and other hotel support functions, acting as a deterrent against policy/procedure violations and identifying actions that can possibly lead to theft and/or cheating. As a result of the gaming regulations, surveillance uses clandestine observation methods to achieve its objectives via a security video camera system.
The surveillance department is also responsible for procuring the video monitoring for the entire property and has total override capability over all other departments who have access to view video. “All departments are intertwined to prevent and manage events. For example, if a subject presents counterfeit chips at the casino main cage, casino surveillance is responsible for capturing the incident on video. Security is informed to take the subject into custody and notify the proper authorities and corporate investigations is also advised of the incident, in order to conduct a background investigation and coordinate with the proper law enforcement agency,” explains Chadwick.
Casino surveillance’s second key objective is to enforce and ensure that policy and procedures are followed. Staff is trained in all surveillance departmental standard operating procedures. In turn, staff is also trained in additional business processes as it relates to the departments outside of casino surveillance as well as State and Federal statutes to ensure property compliance. For example, when a dealer fails to properly clear his/her hands at a blackjack table, casino surveillance will report the infraction to casino management for immediate correction. The incident is formally documented as a break in procedure against business practices and the integrity of the game is not compromised. “By documenting and reporting violations of this nature, the casino surveillance department shows that the company is straightforward and operating in a suitable method,” explains Chadwick.
One of Wynn Las Vegas’ greatest achievements was the expansion and opening of Encore on December 22, 2008. This $2.3 billion entertainment complex includes an additional 2,034 guest suites and 74,000 square feet of gaming space. Even more impressive: it opened at the height of the economic collapse. “The opening of the Encore and the economy at the time was an interesting challenge. We were expected to continue normal operations for Wynn Las Vegas, while constructing a new property. Wynn’s high standards for customer service and overall business values had to be maintained,” explains Chadwick.
Wynn Las Vegas is highly focused on customer service and Chadwick’s goal is for casino surveillance to be a support function for both the guest service staff that interacts with guests on the casino floor as well as anyone outside of the security department. Wynn and Encore hold more Forbes Five Star awards than any other casino resort in the world.
Today, Wynn and Encore have one seamless
surveillance department. Yet, training was a challenge at first,” Chadwick
says. “Existing staff was tasked with maintaining operations for Wynn, learning
a new property and then training completely new staff to all operations.”
Training and retaining qualified employees is an ongoing dilemma for Wynn Las
Vegas and many other
In addition to labor and training, in preparation for 2011, Chadwick and her staff will continue to focus on expenditures.
For all expenditures, ROI measurement will be emphasized going forward. “While risk management is generally an automatic reason to approve expenditures for our business, programs such as loss prevention or ‘what might happen’ are getting a more critical review. We are asking ourselves, ‘how can we provide coverage at a logical investment level?” notes Chadwick.
Casino surveillance has become a more versatile tool to the company. “We have changed our paradigm,” she says. “An example of this is using a database program that we use to evaluate advantage play (such as card counting) and repurposing the information to assist marketing in determining a player’s profitability for the company. The information is used to set appropriate credit lines and complimentary offers,” she explains. “We created a needed value by applying our existing technology.”
Managing something different every day is her favorite aspect of her profession. “I walked in this morning and learned about an upcoming project that will be taking place three to four months from now that will have a significant impact on the technical division for the department. Planning and preparation had to start immediately due to the overall project scope. Continuous projects, changes, additions and remodels keeps each day fresh and exciting,” says Chadwick.
When not working, she enjoys walking, yoga and Pilates. “Finding a balance between my professional life and personal life is important to me. You have to devote equal time to both, finding the quality time with those you care about,” she says.
Security
X Brand/Product Protection
X Business Continuity
_ Corporate Security
_ Cyber Security
_ Disaster Recovery
_ Drug and Alcohol Testing
_ Emergency Management
_ Executive/Personnel Protection
_ Insurance
_ Intellectual Property
X Investigations
_ IT Security
_ Physical Security
X Regulatory Compliance
_ Supply Chain
X Other: Gaming Surveillance
Security Scorecard
Revenue: $3,600,000,000
Employees: 15,500
2011
Critical Issues: • Expenditures/Budget
• Labor
• Training
Mark Cheviron, Vice President, Security and Corporate Services
World Class Leadership
Mark Cheviron started the Archer Daniels Midland Company’s security department in 1980 with a simple vision: the gates, guns and guards approach to industrial security simply was not sufficient any longer – ADM’s security program needed an investigative focus. Second, because the department was new and the scope of corporate risk was unknown, creating a line-item security budget didn’t make sense. “At the time our security issues mostly involved grain theft and we needed to train and focus attention on various forms of commodity fraud. It was understood that we would not spend any more than necessary to get the job done and we moved forward without a budget for our department,” he explains.
This was not that unusual for a company like ADM whose business is routinely affected by weather. Since they are used to flexibility in their core businesses, managing security in a similar, fully allocated manner was understood and accepted. Today, the $70 billion company transforms crops into products that serve vital needs for food and energy. At more than 240 processing plants, ADM converts corn, oilseeds, wheat and cocoa into products for food, animal feed, chemical and energy uses. Today it operates the world’s premier crop origination and transportation network, connecting crops and markets in more than 60 countries. And after 31 years, the corporate security department still has no line-item budget.
Regardless, the global company has an outstanding security program developed as a result of Cheviron’s experience and leadership. The corporate profit centers appreciate the fact that effective security and successful investigations limit loss and account for recoveries that positively impact the bottom line for the business unit. As a result, corporate security enjoys the full support from the operations groups.
Part of the reason that the security effort has been so successful at ADM involves the importance placed on self-evaluation and an incident debrief process that ensures that lessons learned after an event or as a program develops and matures are integrated into future planning and performance.
The role and importance of the corporate security function have also expanded over the years to include all aspects of security risk management. For example, in addition to the traditional security roles, corporate security currently employs three security analysts who provide the ability to employ intelligence driven security programming, and to provide for real-time security risk management for ADM’s many travelers around the world.
Among the more recent additions to corporate security responsibilities are security related regulatory compliance assurance programs, enterprise risk management, food defense, workplace violence and innovative collaboration with ADM’s IT department. Although ADM’s IT security department is separate from the corporate security department, the two groups work closely together. “IT is the expert at who is pinging our firewalls and attacking our networks,” Cheviron explains. “My organization is the expert at investigations. We partner with other companies in our sector and share data to identify where threats are coming from and new risks.”
Although food safety has long been a critical focus for ADM, food defense, or the mitigation of risks associated with intentional adulteration of food or feed products, has been an important part of the corporate security focus since the Tylenol contamination event. Like many security issues, food defense has matured from a responsive, investigative focus, to one involving highly innovative proactive modeling and risk assessment processes to prevent major events from occurring in the first place.
Among our greatest challenges, Cheviron notes, “One mistake I feel people in our profession make is that they forget that they are a support group for the main business units. We do not directly contribute profit. Our role is to help keep the money the company does make.” By establishing a clear vision and role for the security function, Cheviron has established an excellent reputation for security within the company. “We focus on important areas of concern where we have expertise that is unique within the company. That is one way to create value,” he says.
Cheviron recommends getting involved in broad private sector security collaboration and networking opportunities as a powerful way to learn best practices and to ensure success. “Organizations such as OSAC, DSAC, ISMA, ASIS and the Security 500 are excellent for networking and learning about what policies, procedures or technologies are working – or not working. The goal is to be the subject matter expert on merging your organization’s business and security goals.” Cheviron has served as co-chair of OSAC and was a founding member of DSAC.
Cheviron most enjoys his involvement with people and his peers and being focused on ADM’s business issues to contribute to the company’s success. “We deal with something different every day and there has been more change in the last ten years than the first twenty,” he notes.
He has been married to his wife Cindy for 39 years and they are very proud of their three sons, including a genetics professor at the University of Nebraska, an FBI agent in San Diego and his youngest, who has the dream job – teaching passengers on Holland Cruises how to get the most out of their computer experience, including photographic post-processing.
Security Scorecard
Annual
Revenue: $69,000,000,000
Security Budget: As needed
Employees: 28,000
Lives in: Legal/Risk
Stephen T. Colo, Chief Security Officer, SAIC
The Security Link
Science
Applications International Corporation (SAIC) is a diversified business with
more than 95 percent of its revenues coming from the
SAIC is always seeking to innovate in a dynamic environment. As a result, it hired Mike Ennis to lead its risk management and international security programs. A retired Marine Corps major general, Ennis has a strong intelligence background overseas and thus developed the programs to have a powerful alignment with SAIC’s business goals.
“Our support of our federal government
customers sometimes requires our employees to work overseas,” explains
“Ennis joined SAIC 22 months ago and he has made a significant impact on how we approach risk and international security operations,” Colo adds.
“Not all areas are friendly to Americans and/or expatriates. In addition to potential hostility, risks such as weather, terrorism, political unrest and natural disasters exist. The consequences of these events can be predicted and managed,” notes Ennis.
Colo and Ennis have teamed with the business units to address business and security needs. Ennis has created a matrix of top risks and presented them to the business unit leaders. This has enabled security and the business units to begin working together early in the proposal stage to assess risk issues and help the business unit develop a proposal that thoroughly vets security and risk mitigation planning and costs. “Our credibility and expertise enable us to propose, ‘No, the risk is just too high to go there,’ and have that decision supported by the business units, customers and our CEO,” shares Ennis.
Among the significant changes SAIC security has implemented to improve performance and align with the company’s business goals are:
1. Created a security council to bring security and business people together to address issues and solutions.
2. Partnered internally and externally with customers and other contractors for better risk management.
3. Included greater emphasis on business continuity plans in annual presentations to the Board of Directors.
4. Conducted live and virtual table top exercises to prepare for hurricane season and other natural disasters to help ensure all employees are prepared.
5. Worked to be “best of breed” in crisis management and response.
6. Focused on workplace violence issues, including an exercise devoted specifically to this topic.
SAIC’s security team has strong
examples of how they have added business value for the organization. “During
Katrina, our business continuity program enabled our employees to stay in place
and provide services to customers in the impacted area. Our first priority was
the safety of our employees, and then how they could assist our customers
during the disaster,” explains
Among the challenges SAIC faces, Colo notes, “Because of our strong ties to the federal government, one major area of focus is counterintelligence and finding effective ways to determine if people are stealing classified information or IP.” Cybersecurity is the number one threat for most organizations today. Insider threats are the major concern, especially with the growth of social networking risks. Physical security risks, international travel risks and foreign intelligence or espionage risks are ever present challenges.
“Risk and security are inextricably linked,” shares Ennis. “They are at the opposite sides of the same coin. You cannot pull them apart. Security protects people, infrastructure and information, and doing so effectively reduces risk.”
Security
X Brand/Product Protection
X Business Continuity
X Corporate Security
_ Cyber Security
X Disaster Recovery
_ Drug and Alcohol Testing
X Emergency Management
X Executive/Personnel Protection
_ Insurance
X Intellectual Property
X Investigations
_ IT Security
X Physical Security
X Regulatory Compliance
_ Supply Chain
X Other: Information Assurance, National Industrial Security
Security Scorecard
Annual
Revenue: $10,846,000,000
Security Budget: not available
Employees: 45,000
Lives In: Operations
2011 Critical Issues:• Counterintelligence Training
• International Safety and Security
Jack Sullivan, Director, Corporate Security and Loss Prevention, Dunkin’ Brands
Finding Security’s Voice
With more than 14,800 points of distribution in 44 countries, and approximately 120 years of combined history, Dunkin’ Brands is home to two of the world’s most recognized and loved brands: Dunkin’ Donuts and Baskin-Robbins. Within this nearly 100 percent franchised sales and distribution company are 8,000 restaurants. Jack Sullivan manages risk and provides security for the corporation’s 1,000 employees and their assets as well as working a complex, global matrix to deliver security knowledge, best practices, resources and policies to its business partners.
“Our primary goal with the franchisee is to reduce theft, increase profitability and improve financial performance,” says Sullivan. Dunkin’ Brands security includes three teams to best mitigate risk: Investigative, Financial Analysis and Corporate Security.
The financial analysis team is focused on identifying anomalies at the store level and notifying store management so they can appropriately deal with the offending employee. To complement the financial analysis program, the investigative team is in the field meeting with franchisees and walking the thin line between advice and policy. “Due to liability issues, we cannot prescribe mandatory security rules. We do train and recommend to our franchisees that they work with their security consultant to implement specific policies and programs,” explains Sullivan.
Corporate security is the third team. “Corporate security focuses on enterprise risk issues, including protecting our 1,000 employees, regulatory issues such as the Foreign Corrupt Practices Act, travel security, data and information security, business resilience and crisis response,” he shares.
Dunkin’ Brands has moved into emerging markets and its security team is focused on its “duty to care” and provide safe and secure environments for its employees. “We have an excellent travel security program that allows our employees to focus on the job they need to do and not get distracted or interrupted by worrying about their personal security,” says Sullivan.
Dunkin’ Brands also measures the value of its security program. Employee theft is the most easily measurable. “We identify the theft within a franchise and notify the owner so it can be eliminated. Then we track sales after that event to document their immediate sales increase and the impact of our action,” he says.
Dunkin’ Brands’ field investigative team meets with franchisees in both large groups of 200-300 owners as well as one-on-one. “They not only present training on red flags of employee theft and better security, but we also get feedback from the owners. We use that feedback as a metric on our performance, too. It is hard to prove a negative and quantify the dollar not taken. But we know that having loss prevention programs in place is a deterrent and reduces theft at the stores,” he shares.
The biggest change for Sullivan occurred two years ago when his role changed from loss prevention to heading up all of Dunkin’ Brands security programs. “Security as a business function has been added to the company’s strategic planning. Corporate Security and Loss Prevention now has a voice before a decision is made,” he says.
One recent addition to his busy day includes
cyber security. The Chinese Advanced Persistent Threat effort to steal trade
secrets from
Among our profession’s challenges Sullivan notes that he still hears “old” thinking from peers that the role is about rigid policy enforcement and not the organization’s business objectives. “In my view, if a security executive is seeing things through the traditional law enforcement lens and not a business lens, they will have trouble succeeding,” he notes.
A father of two girls and an avid
Red Sox fan, Sullivan holds a Masters Degree in Government from
Security
X Brand/Product Protection
X Business Continuity
X Corporate Security
X Cyber Security
X Disaster Recovery
_ Drug and Alcohol Testing
X Emergency Management
X Executive/Personnel Protection
_ Insurance
X Intellectual Property
X Investigations
_ IT Security
X Physical Security
X Regulatory Compliance
_ Supply Chain
_ Other: 8,000
Franchise Restaurants
Security Scorecard
Annual
Revenue: $8,000,000,000
Security Budget proprietary
Employees: 1,000
Lives In: Finance
2011 Critical Issues:• Business Continuity
• Foreign Corrupt Practices Act
• Chinese Advance Persistent Threat