Good afternoon everyone, my name is Ian Gilbert, the Corporate Security Director of Amazon.com, a Fortune 500 company that conducts e-retail business. I am pleased to be accorded this rare opportunity to speak at the ASIS International Seminars and Exhibits on the security profession, its challenges, operations, and roles of a security officer in protecting Fortune 500 organizations. I thank every conference attendant for creating time to attend the seminar and to interact with colleagues, albeit from various organizations, on the critical issue of corporate security preservation in the 21st century. I also thank ASIS International for organizing this seminar to enable professionals of diverse levels and rankings to share their expertise on organizational security status today. Today, my role is to educate you on my roles and responsibilities as a Fortune 500 corporate security director. I look forward to having an interactive session with everyone.
We are all aware that the organizational security environment has become more dynamic, right? Today, businesses are undertaking increased risks, such as operating new technology, hiring virtual support staff, expanding operations to new territories globally, and revolutionizing their internal and external operational strategies. We all agree that as businesses take on more risks, security threats increase, which mandates the security departments to be quick to implement asset protection measures in keeping up with business changes. Business assets, in my understanding, comprise people, such as employees and clients, property, such as office buildings and merchandise, vital information, such as patents, employee and vendor data, and the image of the organization ( Aven, 2016) . As a corporate security director, my primary task is to ensure that the business does not operate in fear of losing the assets mentioned above.
Delegate your assignment to our experts and they will do the rest.
The current business environment faces increased threats that require efficient mitigation and control strategies. Even though Amazon.com is an e-commerce organization, it has tangible and intangible assets that I am mandated to protect. However, just as any corporate security director seated here today, I experience challenges in executing my job that warrants extensive solution applications. Some of the operational challenges I have encountered in my role at Amazon.com to date include strategic planning, threat assessment, ensuring employee awareness of security risks, effectiveness of security personnel under me, and security protection compliance issues from internal and external employees ( Taylor, 2015) . As a corporate security director, Amazon.com expects me to coordinate security risk mitigation measures using assigned company resources. We all agree that we are expected to conduct key fundamental steps for the risks to be assessed and controlled effectively.
Adequate strategic planning to mitigate risks starts with identifying a potential threat, assessing its frequency based on history, checking the amount of danger it poses for the organization, creating effective risk mitigation strategies, and implementing them. Additionally, we are expected to use the cost-benefit analysis method to evaluate the efficiency of the risk mitigation strategies we have instituted regularly to identify weaknesses that warrant timely repair. The above steps require financing, which is sometimes limited. Therefore, to solve the strategic planning problem, I have trained my security personnel to report any concerns as quickly as possible to prevent excessive funds to repair larger damages. For instance, I think reporting a consistent spammer will help me reduce my strategic planning process by blocking the spammer instead of fixing a successful hacking attempt. In undertaking the above approach, I also solve the challenge of ensuring employee awareness of risks. For an individual to quickly identify a phishing attempt, they are fully aware of security threats, how to identify them, and the appropriate reporting channels to use for quick prevention resolution. I also solve the threat assessment operational problem because a security breach-aware employee is well-versed with conducting a potential threat assessment before reporting the issue to security officers. The Amazon.com worker described above is also compliant with security protection protocols, including the primary rule that every suspected threat must be reported promptly. I will discuss how I achieve employee effectiveness in the coming section below.
I also encounter problems in executing my job, such as continuous cyber-attacks of the Amazon.com platform. Further, I struggle to prevent identity thefts and unethical business operations and ensure the company screens suitable business continuity candidates. In resolving the above issues, I have partnered with banks to protect credit card information protection and have created a two-step verification platform for clients to prevent identity theft. Additionally, every candidate sits a thorough online, physical, and oral examination before being hired at Amazon. The company conducts extensive background checks on potential hires from former employers to ensure it does not employ people who breached security protocols in their previous roles. In the above ways, I solve the possibility of unethical business conduct.
I believe the room's corporate security directors will agree that the most challenging roles they have are loss prevention, investigation, administration, and managerial functionalities. As Amazon.com's corporate security director, my roles as a loss prevention officer include evaluating business assets' value and preventing their loss from security threats. I assess current values attached to existing tangible and intangible assets and the cost the company would incur if any of the assets were damaged. I then mitigate the risk using the already mentioned steps above: conduct threat assessment, identifying mitigation strategies, and implementing them. Sometimes, Amazon.com receives theft identity complains because, as we all agree, security risk mitigation protocols may fail because of stakeholder naivety or utter refusal to comply with protection protocols. Every time I receive the above complaints or others of the same nature, I authorize the conducting of undercover investigation to apprehend the culprit. My security personnel tracks the complainants' transactions on Amazon.com using artificial intelligence or data analytics tools, and then we assess the possible source of threat and handle it by involving legal officers. My administrative functionalities include ensuring smooth operations of my junior employees, conducting security awareness training with key leaders, ensuring implemented security risk mitigation strategies are working, and attending leadership meetings to provide input or update the company on its current and future security positions. As a manager, I ensure the seamless operations of the above administrative functions by regularly conducting personnel performance evaluations to identify areas that require improvement.
As a corporate security director at Amazon.com, I am expected to have critical skills to ensure my roles' smooth functioning:
The company expects me to have leadership skills to ensure my junior personnel executes their duties effectively. Therefore, I have perfected my oral and written communication skills to effectively communicate new security protocols to junior security supervisors and team leaders, who in turn transmit the above measures to employees.
Every security director must possess excellent technical skills. As security threats change daily, we are mandated to be a step ahead of current technology that businesses may adopt and their potential threats to organizational security ( Choi, 2016) . Using the above information, we can devise efficient risk mitigation strategies to ensure our employers conduct business safely.
All security directors must be well-versed with security awareness and training strategies. Newly hired leaders at Amazon.com do not have prior information on the protection of company asset methods. Therefore, I use my security awareness knowledge to train leaders on ensuring asset protection in their departments.
A security director must have protocol benchmarking skills to ensure that the set asset loss prevention measures are adequate and identify any weaknesses that require immediate remediation.
As a security director, an individual must be aware of possible risks that the organization may face in the future to enable the creation of proper risk mitigation strategies.
All security directors must possess financial assessment and business operation evaluating skills to ensure they are aware of how their businesses function to identify possible sources of security breaches.
Today, the world is global village that requires the consultation of everyone for seamless business operation. I am a firm believer that security at Amazon.com starts at the grassroots where clients interact with the system using various machines, such as smartphones, laptops, computers, and tablets. Therefore, Amazon.com expects all its users to create a password-encrypted account linked to their emails before they can contact sellers or interact with other buyers on the platform ( Yawson & Greiman, 2014) . Using the technology above, clients protect their user identity because unless they dispense their information to third parties, no one can use their accounts to interact with Amazon.com. Additionally, I ensure the company complies with security risk mitigation and protection protocols from the federal government, such as the Occupational, Safety, and Health Administration (OSHA) rules and regulations. Moreover, I frequently attend security protection seminars organized by verified bodies, such as ASIS International, where I interact with security directors and other leaders to learn current risk mitigation practices and how to apply them. Moreover, I have assured all employees at Amazon.com that if they cannot contact any junior security personnel because of the latter's conflicts or unavailability, they should contact my office directly, and they will receive prompt aid. Amazon.com also holds regular online training on security awareness for all employees and executives as a means to ensure the company assets are well-protected. Finally, as a security director, we ensure our vendors and suppliers receive extensive security protection training bi-weekly to help in asset loss prevention in the long run.
I would like to thank everyone who has attended today's session to listen to my presentation on running the security docket at Amazon.com. I hope my information on the challenges I experience and the solutions implemented will help you improve your current risk mitigation strategies at your organization. I am sure that most of you can identify with the roles and responsibilities I am tasked with at Amazon.com and can all agree that we must engage all external and internal stakeholders of our organizations for adequate protection of company assets. Further, let us strive to continue perfecting our businesses' skills to remain competitive and achieve sustainability in the long run. Thank you for listening to me. Does anyone have any questions on the issues I have discussed in my presentation or any other thing? I now open the floor for a question/answer discussion session.
References
Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their Foundation. European Journal of Operational Research , 253 (1), 1-13. https://doi.org/10.1016/j.ejor.2015.12.023
Choi, M. (2016). Leadership of information security manager on the effectiveness of information systems security for secure sustainable computing. Sustainability , 8 (7), 638. https://doi.org/10.3390/su8070638
Taylor, R. G. (2015). Potential problems with information security risk assessments. Information Security Journal: A Global Perspective , 24 (4-6), 177-184. https://doi.org/10.1080/19393555.2015.1092620
Yawson, R. M., & Greiman, B. C. (2014). Stakeholder Analysis as a Tool for Systems Approach Research in HRD. Leading Human Resource Development through Research , 1 (1), 1-29. https://mpra.ub.uni-muenchen.de/61278/1/MPRA_paper_61278.pdf
