Security Risk Management Industry Report
Industry / Careers / Qualifications
The Security Risk Management (SRM) sector is expanding rapidly as demand from both government and private enterprise grows. So too is the range of roles available within this industry. At one end of the spectrum there will always be straight forward security guard and personal protection roles, however increasingly security and risk careers have evolved into the realm of data protection and corporate IP security, with opportunities both domestically and internationally.
Property Casualty 360 says, “In many ways, the news story of 2018 was security. From social media privacy and data breaches to active assailants and nuclear threats, the country has been engrossed in conversations about safety and security risks.”
What this means from an employment point of view is ever increasing opportunities to enter the industry, move up the rungs, or move sideways into a completely new career, utilising your same skillset.
Security Risk Management careers represent a prime civilian industry for ex-military and ex-police personnel. However it is also an industry that values a wide range of life and work experience, particularly business skills.
Our Security Risk Management Industry include:
In Australia, SRM is a $4.5 billion industry, with about half of that representing wages. Gone are the days that security and risk management was essentially a close personal protection job. Now, there is a focus on protecting industries and businesses, not just protecting individual people.
According to the Australian Security Industry Association Ltd (ASIAL)… “The industry employs over 170,000 personnel nationally”.
There is a rise in security and risk management opportunities in the mining sector. Mining information and training site iMINCO states:
“Safety and security of plant, equipment and personnel are top priorities for Australian mining companies, given the high-risk nature of the industry and the public interest mining activities attract. Having the appropriate strategies in place to protect the mining company’s workforce, assets and reputation is critical to the ongoing success of mining operations.”
Governments and NGOs all around the world employ private security companies – with ex-defence from Australia featuring prominently in these companies.
It is a cheaper, more politically sensitive and readily mobilised option than placing regular armed services in multiple locations around the world.
With security jobs currently outstripping police numbers, and an ever increasing range of security roles available, now is a great time to consider a career in SRM.
Perhaps the biggest growth sector for SRM positions is the world of cyber security salary, with overtime hours common.
There are also security and risk management opportunities internationally.
Emerging Trends in Security Risk Management
As a by-product of increasing globalisation and reliance on technology, demand for SRM is growing, and so too are employment opportunities. Here is a summary of the biggest trends in the SRM industry right now…
- Terrorism – including cyber terrorism
- Health Sector – increasing security risks driven by drugs and alcohol. Synthetic drugs are highlighted by police specialising in drugs.
- Data security – firms and consultants specialising in IT security are in ever increasing demand to prevent data breaches, system hacks and develop sophisticated encryption algorithms.
- Security Tech – SRM firms and consultants are using an expanding array of technological solutions to support their work, from drones and robots to advanced security systems.
Taken together, these trends mean the security workforce is changing. At one time, many security professionals had a background in law enforcement or the military.
Now, they are increasingly being drawn from IT companies, the FBI and other specialised agencies. Because experience and training go a long way towards effective security risk management, these changes are important to keep an eye on in 2019.
Security Risk Management Careers
Risk management careers play an important role in any organisation, and are a big contributor to an organisation’s overall success. Following is a list of actual SRM careers that range from entry level for those just starting out, to options for advancement and diversification for those with strong skills and experience.
You will find a very useful ‘day in the life of’ interview for each of these careers on the Institute of Risk Management website. (We’ve included a snippet of what each person enjoyed most about their job.)
- Operational Risk Consultant – “I like dealing with people”
- Project Risk & Value Manager – “I love the challenge”
- Senior Director, Strategic Risk Management – “I love the bandwidth”
- Enterprise Risk & Regulatory Change Director – “Keeping up with the latest trends”
- Risk & Assurance Advisor – “The eyes and ears of the department”
- Operational Risk Manager – “The variety of activities that I get involved in”
- Head of Forensic Consulting & Insurance Practice – “Being educated daily”
- Risk Management Director – “To witness our clients’ successes”
- Head of Risk Management & Insurance – “The interaction with people across the company”
- Senior Risk Consulting Manager – “Meeting people, travelling, relearning”
- Sector Risk Analyst – “I enjoy working with people from all different levels”
- Senior Risk Partner – “I get involved with every area of the Company”
- Enterprise Risk Management Consultant – “It’s intellectually challenging”
- Risk Management Consultant – “Designing new systems within a framework”
- Audit and Assurance Supervisor – “The learning curve”
Military to Civilian Risk Management
And here is an interview with Alastair who transitioned from a 16 year military career with RAF, into a SRM role. Alastair had some great skills from his defence career that were directly transferrable to his new risk career: Enterprise risk management, Risk management, Information governance, Programme/project risk, Training.
A look at online job sites such as Seek and Indeed reveals a wide range of roles in the Security Risk Management sphere:
- Cyber Security Compliance & Risk Manager
- Manager ICT Governance, Security & Risk
- Cyber Security Risk Specialist
- Security Risk and Compliance Specialist
- Technology & Security Risk Analyst
- Strategy and Risk Director
- Senior Risk and Cyber Security Specialist
- Security Consultant
- Technology, Cyber Strategy and Risk Director
- Security Architect
- Security Specialist – Governance & Risk
- Lead Implementor – IT Security System
- Senior Risk and Cyber Security Specialist
- Cyber Security Risk, Compliance and Governance
- IT Risk Cyber Security Manager
Security Risk Management Skills and Responsibilities
Responsibilities for Risk Management Professionals include:
- Establishing and monitor key risk indicators/factors, as well as developing and then executing plans designed to mitigate risks.
- Analysing transactions, internal reports and financial information to identify potential fraud risks – which traditionally had been financial fraud, but can be fraudulent identities, and intellectual property issues as well.
- Maintain current reports addressing and rating risks, aligned with recommendations to respond to potential or real risks.
- Policy and procedure creation.
- Evaluating how effective an organisation’s internal control frameworks are in managing risks and still advancing the company’s goals and objectives
- Ongoing education for management and employees, as well as technical support, around risk management strategies and programs
Common technical skills to deliver in a SRM role:
- Starts with identifying direct and indirect risks that can impact your organisation/client.
- Applying a Risk Management model – a common one is the prevention, preparedness, response and recovery (PPRR) model – which has been used by emergency response in Australia for a very long time and represents a comprehensive approach to risk management.
- Developing a business continuity plan.
- Preparing a risk management plan and a business impact analysis.
- Developing a recovery plan (information relating to planning for recovery as well as the resumption of critical business activities after a crisis has occurred, including anticipated timeframes to get back to business as usual).
- Preparing an incident response plan.
- Cybersecurity – including protections from cyber crimes.
- Protecting IT and data systems
- Protecting assets and premises
- Managing physical hazards in the workplace
- Managing financial downturns
- Keeping your workplace safe – human resources, bullying, harassment claims as well as physical safety of staff
- Protecting reputations – including conducting due diligence, protection from scams
There are a consistent set of soft skills required:
For example, in many roles, there are high standards of communication required in report preparation and influencing/negotiating with stakeholders. You would also be expected to have:
Communication skills, Analytical skills, Attention to detail, Initiative and enterprise, Commercial acumen, Planning and organisational skills, Self Management & Learning.
In this section we give you an explanation of each of our Security Risk Management qualifications, and examples of position titles relevant to each.
This is a standard level of training for security risk officers. It is comprised of 11 core (compulsory) units, plus four elective units of competency (which allows some range to match your experience or interests to particular units).
There are no pre-requisites to enrol in the Certificate IV in Security Risk Management. The core units put a focus on the fundamentals of Security Risk Management responsibilities: starting with the importance of establishing effective workplace relationships, managing a safe workplace, implementing effective communication techniques, assessing risks, advising security needs, monitoring security operations and facilitating workplace briefing and debriefing processes.
Elective units build on core units according to the direction you want to take your qualification. Directions include customer service, financial activity, technology, small business, security equipment, investigations, network security and biometrics.
Examples of Position Titles relevant to Certificate IV level work:
- Security System Installer
- Ability to lead workplace relationships
- Security Coordinator
- Investigations Coordinator
- Biometrics Security Consultant
The role of a Risk Manager sits at a Diploma level, as a general rule. Risk Managers are responsible for communicating risk policies and the overall policies and procedures for an organisation that minimise and manage risks. This includes development of risk models, monitoring and improving controls to ensure there is effective risk management at an operational and strategic level.
To achieve these outcomes, a Risk Manager is going to need to ensure extensive and appropriate research and quantitative and qualitative analysis has occurred. Risk Managers must have the business skills to communicate effectively through a range of reports, negotiations and educational presentations, balanced with savvy business and operational knowledge.
To complete the Diploma of Security Risk Management through Recognition of Prior Learning (RPL), you need to demonstrate at least two years experience in:
- Establishing and maintaining a WHS system
- Coordinating security operations
- Assessing security risk management options
- Ensuring team effectiveness in a security/risk management environment
The Diploma of Security Risk Management has 12 units of competency, seven of which are core (or mandatory) units, and five elective units of competency.
The core units address skills and knowledge in these areas:
- Establish and maintain an occupational health and safety system
- Coordinate security operations
- Assess security risk management options
- Manage quality customer service and people performance
- Manage personal priorities, professional development and team effectiveness
At this level you are the person spearheading the effectiveness of an organisation – from high level delivery on strategy to strongly designing a positive people culture.
Advanced Diploma skill sets are highly sought after. At the advanced diploma level, your leadership and management experience is complimented by specialist skills and knowledge, in a range of contexts.
You demonstrate judgement, initiative, planning and implementation across a range of functions. You are responsible for a range of individual and team objectives. You use well-developed communication and cognitive skills to analyse information from a range of sources. You mentor others and create strategies to address complex problems.
There are no pre-requisites to enrol in the Advanced Diploma of Leadership and Management. The qualification is comprised of four core units plus eight elective units.
As with the Certificate IV, elective units can be chosen according to the direction you want to take your SRM career – be that risk management, biometrics, financial security, network security or business, marketing and HR management.
Examples Position Titles:
- Program or Project Administrator/Coordinator
- Security Advisor
- Site Supervisor
- Risk Consultant (Security)
- Investigations Manager
Using RPL qualifications as credit towards university studies:
Many people who have gained qualifications with Churchill Education have used them to gain credit towards further education, including Bachelor degrees or Masters at university. All nationally recognised qualifications can be used for credit transfer. Most universities state that the amount of credit granted depends on the specific application of an individual.
What Other Qualifications Complement a Security Risk Management Career?
Security Risk Management is a career path that is best built on the back of another career and this is why: it builds on life experience, and the ability to think about not just the risks right in front of you but the risks that are emerging as society, business and technology changes.
Yes, it requires some strong analytical abilities but it also needs to be practical and form part of the bigger picture for what success looks like for an organisation. At the managerial level you need to be a business thinker first, and a risk manager second, which makes a professional background in business or organisational operations a strength.
In preparing this report, we spent considerable time reviewing online job advertisements and position descriptions to see what other skills and qualifications employers are looking for.
The specialist complementary skills and qualifications we often found mentioned were:
- Leadership and Management skills
- Incident Investigation qualifications
- Work Health Safety qualifications
- Quality Auditing qualifications
- Human Resources qualifications
From there, it helps to align the qualifications to a similar level that sits with your Security Risk Management qualification.
Certificate IV Level
If you are at Certificate IV level in Security Risk Management, then you could consider adding some academic recognition of your skills and knowledge in one or more of the following qualifications:
- BSB40215 – Certificate IV in Business
- BSBS41015 – Certificate IV in Human Resources
- BSB42015 – Certificate IV in Leadership & M’ment
For SRM positions requiring specialist/tech skills:
- TLI542016 – Certificate IV in Logistics
- BSB41415 – Certificate IV in Work Health and Safety
- PSP40416 – Certificate IV in Gov’t Investigations
If you are at Diploma level in Security Risk Management then you could consider adding some academic recognition of your skills and knowledge in one or more of the following qualifications:
For SRM positions in business and people management:
- BSB52015 – Diploma of Business
- BSB50618 – Diploma of Human Resource M‘ment
- BSB51918 – Diploma of Leadership and M’ment
For SRM positions requiring specialist / tech skills:
Advanced Diploma Level
If you are at Advanced Diploma level in Security Risk Management, then you should consider adding some academic recognition of your skills and knowledge in one or more of the following qualifications:
For SRM positions in business and people management: