You have a clear understanding of your security metrics and you’ve identified a security framework, but before you can convince stakeholders to buy into your security strategy, you need to understand who they are. Start by identifying key players who will have a say in the process, then analyze their concerns and interests. That way, you can tailor your pitch to speak to their needs and level of expertise.
At OneMain Financial, a company that empowers customers to reach a better financial future, stakeholders’ primary goal is to keep the business running smoothly. “In my experience, board members are looking to mitigate systemic risks. They want to make sure that if a small bolt breaks, the machine will keep running,” says Jane Domboski, CISO at OneMain Financial. “By explaining the key risks we’re trying to avoid, we can lay out a clear vision for our security strategy.”
At Mars, a global provider of quality snacking, food, and pet care products and services, the focus is on protecting its people, products, and purpose. As a private, family-owned organization, maintaining its reputation as a trusted global brand is a top priority for the family. As a principles-led company, Mars stakeholders take great ownership in continuing its legacy as a trusted partner.
With operations in over 80 countries, Mars knows that global reach requires global trust, making its reputation as a trustworthy brand critical to business success. To gain support for security initiatives, Mars’ security team appeals to the family’s desire to protect the company’s reputation, and in turn, its performance, for generations to come.
“It’s about finding the right balance between security and brand reputation, and giving them confidence that we will continue to evaluate and mature our program as we expand the business,” says Matt Pecorelli, deputy CISO at Mars.
