In its more than 200 year-history, Harsco had never had a CSO or even much interest in security. That changed in 2008 when the industrial services company asked Rick Kelly to come in as CSO and create a security and risk function. This was no small task: Harsco has 450 locations in 55 countries and had $3 billion in revenues last year.
Although Kelly had never worked in the private sector before, he was very familiar with large, multinational security problems from the time he spent in charge of planning and strategy development for the FBI's counterterrorism division.
"They had nothing as far as security was concerned: No central monitoring, no metrics, nothing," says Kelly, who is now CSO at Ingersoll Rand. "There were so many things that needed doing [that] it was like drinking water from a fire hose."
Harsco may have never needed a security operation more than it did when it hired Kelly. The global financial crisis hit it hard. The company lost almost $1 billion in revenue and had to shed about 5,000 employees. This forced it to shift the focus of its operations from Europe to emerging markets such as China, Brazil and India. While these new markets have huge opportunity for growth, they also have great security risks.
Kelly's first step was to put in a global security policy that included travel security procedures so the company could know where people in risky areas were at all times. "I made it clear that our number one priority was protecting our people," he says. The company's global traveler locator program gathers information from its partners to provide real-time intelligence to all employees on the move internationally.
The 2012 CSO Compass Award Honorees
This year's CSO Compass Award winners point the way toward risk management that's more inclusive -- and more exact
He also faced another, equally important challenge: proving to this giant organization that security has bottom-line value. "I had to constantly prove that security isn't just guns, guards, locks and gates," says Kelly. He did this by improving security through centralization and automation and by creating metrics that made it clear to senior executives how security was helping them.
For example, he centralized the physical security function, which improved the protection of global assets without weighing heavily on each business unit's budget. Harsco's enterprise risk management system will soon handle all alarm monitoring, CCTV and access control functions around the world from one location.
As if all this wasn't enough, in 2010 Kelly was promoted to chief compliance officer and asked to build another global program, this time focusing on regulatory compliance and fighting corruption. Since then, Harsco has implemented a global hotline for reporting fraud, created the Office of Global Compliance, and conducted the company's first-ever cultural survey of its employees' attitudes about integrity and compliance. This has enabled each business unit to come up with plans to address gaps in their compliance programs.
Kelly expects to find more on his plate soon, and he can't wait. "I eat it up like a dog on a meat wagon," he says.