This week we continue our previous piece on HR Keywords for Growing Your Infosec Skills and Career. In our previous installment we examined some training and knowledge cultivating terms for increasing the value of their team or themselves. This week we will focus on another aspect of creating opportunity in your career, the Scanlon Plan.
Scanlon Plans are gain sharing programs where employees are rewarded for cost savings. This can be something as informal as placing ideas into a suggestion box, to company wide assigned areas for cost reduction or efficiency improvement on a recurring basis. If your company does not have a Scanlon Plan, then this is a great opportunity to bring it to the attention the executives in your organization. Who doesn’t want to hear about improved efficiencies, reduction in waste, and better margins? With a properly designed Scanlon Plan employees can receive financial rewards for making the organization more efficient. Who doesn’t want extra money?
How does this relate to Information Security or anything else? Do we really want to cut costs in our own area? Companies that implement Scanlon Plans as a suggestion box are looking for any way to save costs. This does not necessarily apply to your department, but the company as a whole. This can be an opportunity for Infosec personnel to help other departments find ways of cuttings costs. Working with other departments may be an “extra-curricular” activity to some supervisors; however, the importance of supporting the business should factor into middle management’s support for these programs.
Proactively working with other managers provides the opportunity to understand the business more, which will help Infosec personnel understand what is important to the business, and what needs to be protected. For example, working with manufacturing to reduce waste by implementing a recycling program can reduce costs which frees up capital for other purposes, such as information protection. Some of the scrap from the manufacturing process could be sold to a recycler, reducing the overall operating costs of the manufacturing operation. These savings are not only of interest to the manufacturing department, but it could be helping the goals of the Corporate Social Responsibility (CSR) department or program if one exists. This provides recognition from management, but can also help with improving security.
Another example involves finding something unrelated to Infosec that allows the VP of Operations to save money. That’s great! What if Infosec professionals approach him/her and offer to help them implement the changes that will save them money? In exchange for becoming the project manager and seeing the changes through to completion, the VP agrees to spend part of the savings on additional security measures. The VP of Operations gets a bonus for reducing their budget, the Infosec professional receives their bonus for a cost reducing idea, and security was improved during the process. A little barter was used in this scenario, but several end goals were accomplished.
This approach is a transition from employee to stakeholder. It offers opportunity for Infosec professionals to grow into GRC roles over time by helping the organization with its efficiency. Inefficient business processes are one Risk in GRC. By promoting process improvement and efficiency Infosec professionals go from the department that always says, “No!” to true stakeholders in the business. This gets us a seat at the executive table because we are involved in the business and we can demonstrate value by using our creativity to solve business problems. That alone can be a career changer or career booster.
Human Resource Management 12th ed. Mondy