When Alan Nutes joined Newell Rubbermaid earlier this year as senior manager, security and incident management, he was returning to the corporate world after a hiatus of 21 months in the public sector. Nutes' time in the public domain stands in stark contrast to the rest of his career, particularly in how security initiatives are approved.
For instance, at the City of Atlanta's Department of Watershed Management, where Nutes was security manager, anything over $20,000 required approval from the city council, which could take months and even a year. In addition, most security programs were in response to shoring up critical infrastructure or complying with government regulations. "If it wasn't considered critical, chances are the city would not have done it," Nutes says.
[Read the main article 9 keys to getting stuff done in a big company]
At Newell Rubbermaid, on the other hand, there's no set limit to a purchase order--the gating factor is educating business unit leaders on best practices and the need for increased security measures. "One facility is [subject to Homeland Security regulations] because it deals with chemicals, but everything else is education, education, education and explaining security needs," Nutes says.
The global security program at Newell Rubbermaid is just 2 years old and was formed as part of an overall initiative begun in 2005 to create corporate-wide business services. Nutes is in charge of business continuity and organizational resilience for 120 locations in North America. So far, he has been working with business units on risk assessments, in addition to developing security policies and procedures. The five-year plan is to create a global security operating center for North America and Latin America, ultimately extending to Europe and Asia-Pacific.
An initial undertaking was standardizing physical security devices. "We did a gap analysis and discovered a mish-mash of systems, so we're creating a standard for access control, cameras and badging systems," Nutes says. Individual business units are responsible for budgeting for these new requirements, and that's where the education really comes in, he says. "The whole concept of security is a big mindset change," he says.
"The biggest thing is convincing them why it's needed."
[Learn more about public versus private mindset in How to move from a public- to a private-sector security job]
It helps that Nutes has the backing of senior management, as well as the internal audit organization. He also works with coordinators at each facility, either in the human resources or facilities departments, who help champion the security goals.
"It's been an amazing experience to see how many groups are supportive--they just need to be walked through the process," he says. "I've been very fortunate in what I've been able to accomplish in six months."