The Corporate Security Convergence Playbook for Large US Banks

$199.00

A focused course, tailored for you

A bank Corporate Security operating model that ties GSOC, executive protection, insider threat, and the CISO fusion line on one cadence.

The GSOC, the insider threat analyst, the executive protection lead, the branch incident desk, and the CISO's SOC each see one slice of the same threat picture. The Board Risk Committee wants one brief that ties them together. The operating model that produces that brief is what this course teaches.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Corporate Security at a large US bank is not one function. It is six. Physical security and the GSOC monitor alarms across hundreds of branches and corporate sites. Executive protection plans CEO and board travel and handles principal residences. The insider threat program reads HR signals, badge anomalies, and DLP hits against a watchlist that the CISO co-owns. Branch incident response handles robberies, workplace violence threats, and customer altercations. Investigations support fraud, AML, and HR on cases that cross into criminal exposure. And the fusion line into the CISO carries everything that touches both a person and a system. Each silo has its own SOP binder, its own vendor stack, its own reporting line, and its own narrative for the quarterly Board Risk Committee pack. When the regulator asks how you decide which incidents rise to the operating risk committee, or when the General Counsel asks how the insider threat program respects privacy law in every state where you have branches, the answer is held in five different heads. This course replaces that with one operating model and the artefacts that prove it works.

What you walk away with

  • A single Corporate Security operating model that ties GSOC, executive protection, insider threat, branch incident response, investigations, and the CISO fusion line on one cadence.
  • A GSOC triage queue and routing logic that handles physical, insider, and fraud-overlap signals without the shift lead guessing.
  • An insider threat charter that HR, Legal, and Privacy will sign, with the state-by-state monitoring scope written down.
  • An executive protection program that survives a CEO travel schedule, a principal residence review, and an event with public exposure.
  • A quarterly Board Risk Committee Corporate Security pack that ties incident volumes, trends, and resourcing to enterprise risk appetite.

The 12 modules

Module 1. The bank Corporate Security operating model
Why bank Corporate Security is six functions, not one. The reporting lines that work and the ones that break under regulator scrutiny. How the function sits relative to the CISO, the CRO, the General Counsel, and the regional presidents. The decision rights that have to be written down before any operating cadence works. The two pages of governance that the Board Risk Committee actually reads.
Module 2. GSOC triage and the routing queue
How a 24x7 GSOC handles a branch alarm, an executive travel hit, an insider threat ping from DLP, and a fraud overlap signal in the same shift without the shift lead guessing. The routing rules that move each signal to the right downstream owner. The handoff SLAs that hold up under audit. The dashboard the CSO needs at 08:00 to know which incidents from overnight need a phone call before stand-up.
Module 3. Insider threat program design without tripping privacy lines
How HR, Legal, Privacy, and the CISO co-own the insider threat watchlist. The data sources you can use legally in every state where you have branches and the ones that need a specific predicate. The DLP and badge anomaly triggers that earn an analyst review and the ones that earn a case file. How the program survives a state attorney general inquiry on employee monitoring.
Module 4. Executive protection that works around a CEO calendar
Threat assessment for the CEO, the General Counsel, the regional presidents, and the named director with public exposure. Travel advance, residential security, event coverage, and the open-source intelligence feed that catches escalation early. The detail roster, the standing post orders, and the principal handoff protocol when the CEO travels overseas. The Board Audit Committee's questions on cost and proportionality and how to answer them.
Module 5. Branch incident response and workplace violence
The robbery protocol that holds up under FBI questioning, the workplace violence threat assessment team standing operating procedure, and the customer altercation playbook for branch managers. How the branch incident desk integrates with the regional president's morning brief. The post-incident support cycle for affected staff. The regional pattern dashboard that catches a cluster before it becomes a case study.
Module 6. Investigations support to fraud, AML, and HR
Where Corporate Security investigations stops and the fraud investigations team starts. The case intake form that prevents conflict and double-jeopardy on cases that cross into criminal exposure. The standing relationship with local FBI, Secret Service, and US Attorney offices that lets you escalate without a six-week onboarding call. The chain-of-custody discipline that holds up if the case goes to trial.
Module 7. The fusion line into the CISO
What "physical-cyber convergence" actually means in operating terms. The signals that cross both sides (badge plus VPN anomalies, terminated employee plus DLP, branch incident plus card-cloning) and the joint triage cadence that catches them. The MOU between Corporate Security and the CISO that names who owns which incident type. The unified threat picture that the Board sees once per quarter.
Module 8. Threat intelligence for a bank Corporate Security function
What feeds matter to Corporate Security, distinct from what feeds matter to the SOC. Domestic violent extremism signals against branches and executives, geopolitical signals against international travel, organised retail crime and ATM attack patterns, insider recruitment activity on dark forums. How to brief the CSO in 15 minutes once a week with the three things that changed.
Module 9. Vendor management and the guard force contract
The contract clauses that matter in a national guard force agreement, the SLAs that hold under a real incident, and the cost lever the regional presidents will press on every budget cycle. How to manage the GSOC platform vendor, the executive protection support firm, and the insider threat tooling vendor against a single Corporate Security technology roadmap rather than three accidental ones.
Module 10. Regulatory exposure for a bank Corporate Security function
The OCC heightened standards expectations that touch Corporate Security. The CFPB consumer harm questions that branch incident data can answer or hide. The state privacy laws that govern insider threat monitoring. The FBI and Secret Service liaison expectations. How the function shows up in the bank's resolution and recovery planning and in the operational resilience self-assessment.
Module 11. The Board Risk Committee Corporate Security pack
What goes in the quarterly pack and what stays out. The incident volume trends that matter, the resourcing asks that earn approval, and the risk appetite statements that need refresh. The single page that lets a non-security director understand whether Corporate Security is operating inside appetite, near it, or over it. The narrative section that connects this quarter's losses and near-misses to the bank's broader enterprise risk picture.
Module 12. The 90-day Corporate Security operating model rollout
Week-by-week sequence to stand the operating model up. What the CSO signs in week one. What the GSOC starts running in week three. What the insider threat charter looks like by week six. The first Board Risk Committee pack under the new model by week ten. The signal you watch in weeks eleven and twelve to know it is holding without you in every meeting.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

Module 2 (GSOC triage) is the one to read first if the overnight shift queue is already mixing signals and the shift lead is guessing on routing.
Module 3 (insider threat program design) is the one to read first if Legal or Privacy has flagged the current monitoring scope.
Module 7 (CISO fusion line) is the one to read first if the CISO and Corporate Security are arguing over who owns terminated-employee or badge-plus-VPN cases.
Module 11 (Board Risk Committee pack) is the one to read first if the next quarterly pack is in three weeks and you are not sure the narrative ties to enterprise risk appetite.

What you get with this course

  • Twelve written modules with the operating model, SOPs, charters, and reporting templates.
  • GSOC routing logic, triage SLAs, and shift handoff template.
  • Insider threat charter draft with HR, Legal, and Privacy sign-off blocks.
  • Executive protection program documents: threat assessment, travel advance, residential review, event coverage.
  • Quarterly Board Risk Committee Corporate Security pack template with worked example.
  • Per-buyer implementation playbook tuned to the buyer's bank footprint, regulatory regime, and current operating gaps.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours: learning environment account provisioned, all twelve modules and template artefacts available.

Within 24 hours: per-buyer implementation playbook delivered alongside course access, tuned to the buyer's bank footprint and current operating gaps.

Weeks 1-4: GSOC triage queue, insider threat charter, and CISO MOU drafted from the templates.

Weeks 5-8: executive protection program documents refreshed, branch incident response SOPs aligned, investigations intake form deployed.

Weeks 9-12: first quarterly Board Risk Committee Corporate Security pack delivered under the new operating model.

Before and after

Before

Six Corporate Security functions running on six SOP binders. The CSO holds the convergence picture in their head. The Board Risk Committee pack reads as a list of incident counts with no narrative. The CISO and Corporate Security argue at the margin on insider cases. Legal and Privacy refresh their concerns about insider threat monitoring every six months.

After

One Corporate Security operating model that ties GSOC, executive protection, insider threat, branch incident response, investigations, and the CISO fusion line on one cadence. A Board Risk Committee pack that ties incident trends to enterprise risk appetite. A signed insider threat charter that survives a privacy audit. A CISO MOU that names who owns which incident type. The CSO no longer the single point of convergence in their own head.

What happens if you do not address this

The next major insider threat case, the next branch workplace violence event, or the next executive travel incident will surface the absence of a single operating model. Board questions on how Corporate Security decides what rises to enterprise risk will be answered by the CSO from memory, and the answer will not match the answer from the CISO or the General Counsel. Regulatory inquiries on insider monitoring scope will find the program running on practice rather than on a signed charter.

Who it is for

Built for the Corporate Security leader at a US regional or super-regional bank running a multi-state branch footprint, a GSOC, an executive protection detail, an insider threat program, and a fusion line into the CISO. Typically reports into the Chief Security Officer, the Chief Risk Officer, or General Counsel. Sits across the table from the CISO, the Head of Fraud, the Head of HR Investigations, the General Counsel, and the regional bank presidents. Owns the answer to "how does Corporate Security show up in enterprise risk" without owning the technology stack of any one piece.

Who this is NOT for. Not for a SOC analyst hunting cyber threats. Not for a fraud operations leader tuning transaction monitoring rules. Not for a physical security guard force vendor. The course assumes you already run the function and you need the convergence operating model and the artefacts that prove it to the Board and the regulator.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Around 14 to 18 hours of reading and template work over the first month, then ongoing use of the operating cadence and the quarterly pack format.

Why $199 is the right number

Generic Corporate Security certifications cover the body of knowledge but do not produce the bank-specific operating model or the Board Risk Committee pack template. A consulting engagement to design the same operating model runs into six figures and twelve weeks of interview cycles. This course gives you the working artefacts and a per-buyer implementation playbook tuned to your footprint at 199 USD.

FAQ

Does this cover physical security technology selection?
Module 9 covers the vendor and guard force contract structure and the technology roadmap. It does not recommend specific GSOC platforms or access control vendors. The choice depends on your existing stack and the implementation playbook will pick that up.
Does this teach the SOC side of physical-cyber convergence?
No. Module 7 covers how Corporate Security and the CISO co-own convergence as an operating problem. SOC operations themselves are out of scope. The reader is assumed to lead Corporate Security, not the SOC.
Is the insider threat module scoped to US banks only?
The legal scope discussion is US-focused, with state-by-state monitoring guidance. The operating model and HR/Legal/Privacy coordination logic transfers cleanly to other jurisdictions, but you will need to substitute the local privacy regime.
How is the implementation playbook tuned to my bank?
After enrolment, your bank footprint, the structure of your Corporate Security function, and the gaps you flag on intake get reflected in the playbook. It arrives within 24 hours alongside course access and points to which modules to read first.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.