With a global presence of more than 1,400 locations in 45 countries and around 25,000 employees, the security team at Iron Mountain Incorporated, the global leader in storage and information management services, is instrumental to the company’s success. Headed up by Senior VP and Chief Risk and Security Officer Jack Faer, the team is responsible for physical security, information security, investigations, business continuity, enterprise risk management, insurance risk management, safety and customer assurance and compliance.
“The big difference for us is, as a third-party provider to many of the FORTUNE 1000 companies, the collective safety and security-risk management services are really part of our brand,” says Faer. “We sell it to our customers; we practice it internally. It puts us in a unique position to incorporate what we’re doing behind the scenes, but also to disclose it with our customers on a very regular basis.”
Adding value to the organization and the bottom line by helping the business manage its biggest risks is the security team’s main mission. “Integrating the different security functions – the physical security, the cybersecurity, the investigations and people security – converges those functions so as to help manage the risks and some of the processes that cut across the organization,” Faer says. “It’s incumbent upon us to work close together so as to provide that integrated view to the business of how to manage risk and which risks are most important to mitigate.”
The best part about working at his company is the frequent interactions with customers. “We’re part of the sales effort and the marketing effort, so much so that we actually have groups within our organization to address some of those needs,” says Faer. “That’s the part that attracted me to the role: the chance to be part of actually adding to the bottom line, as well as maintaining a leadership position within our sector.”
Though cyber risk is not unique to any sector, it’s definitely one of the biggest challenges for Faer’s team due to the nature of the company. “The challenge for us is that at the business model, we may or may not know what information is contained in their records,” Faer says. “We also do not, as a course of business, know whether or not the records that we hold for customers is the only place where that information is contained. Developing the proper amount of layered security within a facility or the proper layered approach within the logical security to protect that information makes it all the more challenging.”
A couple years ago, Iron Mountain decided to form a risk and safety committee that oversees Faer’s area of responsibility. Instead of reporting to an audit committee, “I now have a board-level committee that’s only overseeing what we do, which is a much greater level of focus,” says Faer. “The approach that I’ve taken is to implement an enterprise risk management framework in how we deliver security. It’s a notion of looking at your broader risks, assessing what the relative impact of those risks is, and then ensuring that you have the right level of resources allocated to those risks.”
The C-suite at Iron Mountain clearly has a strong perception of the security brand. “It’s a board-level priority,” Faer says. “It’s something that’s integral to our business, and it’s a core value for our employees. I think if you polled our external customers in other states, they would probably tell you that security is what we’re known for.”
Peers within the company likewise recognize the value the security team contributes to the bottom line. “They understand where and why we’re making investments,” says Faer. “There’s probably a greater level of familiarity within the Iron Mountain company of what security is focused on than perhaps in some other companies where some of those efforts might be a little more behind the scenes.”
The two most difficult parts of Faer’s job are “continuing the trend of converging the separate functions into an integrated safety and security approach and delivering the appropriate level of service while understanding that we have a contractual obligation to our customers, not a fiduciary responsibility,” he says.
In his spare time, Faer is an avid biker. For the past 16 years, he has ridden in the Pan Mass Challenge, which has donated $500 million to the Dana Farber Cancer Institute since 1980. He has also sat on the board of the Alzheimer’s Association for the past six years.
Security Scorecard
Annual Revenue: $3.0 billion
Security Budget: $10 million
Critical Issues
-
Cybersecurity
-
Physical Security (Fire)
-
Terrorism