Skip to main content
Image coming soon

The Bank Security Officer's Operations Playbook

$199.00
Adding to cart… The item has been added

A focused course, tailored for you

The Bank Security Officer's Operations Playbook

Run the control room, the lobby, the alarm queue, and the quarterly risk report a bank security officer is held accountable for.

The quarterly physical-risk report is the artefact that decides whether physical security gets a seat in the operating-model conversation or stays a cost line. Most security officers can run the control room and the lobby fine. The report is where the function stalls.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

Most bank security officers inherited a function that was set up for guards, locks, alarms and CCTV. The control room runs. The lobby is staffed. The alarm contract is in force. What hasn't kept up is the reporting layer that the enterprise risk committee, the operational risk function, internal audit, and the regulator now expect. The committee wants physical risk reported in the same language as operational and IT risk. Audit wants the contractor-access register reconciled monthly. The risk function wants the after-hours alarm-response runbook tied to a residual-risk score, not a paragraph of prose. None of that was in the original job description. All of it lands on the security officer's desk now, alongside the day-to-day calls about a fire panel, a lobby incident, an executive's travel, a contractor turning up without a pre-clearance. The skill that decides whether the function thrives is the ability to run the operational layer cleanly and translate it upward in language that the risk committee already speaks. This course teaches that translation, end to end.

What you walk away with

  • A control-room shift-handover format the next shift actually reads and the next-day audit pulls cleanly.
  • An alarm-response runbook the guard contractor follows verbatim and the operational risk function can score.
  • A contractor and vendor access register that reconciles to the access-control system monthly and survives an audit walkthrough.
  • A workplace-violence and active-threat response protocol the people function and legal will both sign off on.
  • A quarterly physical-risk report the enterprise risk committee engages with and the regulator accepts.

The 12 modules

Module 1. Control-room shift handover that survives the next day
The handover log most control rooms run is a free-text diary that the next shift skims and audit cannot pull. This module rebuilds it as a structured handover with five required fields per entry: incident type, location code, action taken, escalation status, open follow-up. You build the template, the shift-supervisor sign-off, and the next-day operations brief that reads off it cleanly.
Module 2. The alarm-response runbook the guard contractor actually follows
The runbook the contracted guard service uses is usually the contract appendix written three years ago. This module rewrites it as a decision tree from alarm signal to closure: signal source, verification step, dispatch decision, on-site action, escalation threshold, log entry. You build the runbook, the contractor table-top to test it, the monthly compliance check, and the metric the operational risk function uses to score residual risk on alarm response.
Module 3. Lobby and visitor protocol that holds up under a regulator walk-through
The lobby is the most public surface of the security function and the first thing a regulator or internal audit examines. This module covers visitor pre-registration, identity verification, badge issue and recovery, escort policy for unbadged contractors, photography and recording rules, and the lobby-incident log. You build the protocol, the front-desk training script, the daily lobby-check, and the walk-through brief for an audit or regulator visit.
Module 4. Contractor and vendor vetting tied to access control
The contractor-access register is one of the audit findings that recurs every year for a reason: it never reconciles to the access-control system. This module builds the vetting workflow from request to badge issuance to badge return, the monthly reconciliation against the access-control database, the quarterly access review with the sponsoring business owner, and the exception process for short-notice contractors. Includes the data model for the register and the SQL or report logic to reconcile it.
Module 5. CCTV retention and pull-request discipline
CCTV exists for two purposes that pull in opposite directions: live monitoring and after-the-fact investigation. This module sets the retention policy by camera class, the pull-request workflow for incidents, employee disputes, and legal hold, the chain-of-custody handling when footage leaves the security function, and the privacy review for any pull that touches employee conduct. You build the policy, the request form, the approval workflow, and the audit log of every pull.
Module 6. Workplace-violence and active-threat response
The protocol that the people function, legal, and security have to agree on before the incident happens, not during. This module covers the pre-incident behavioural-warning intake from managers, the multi-disciplinary threat-assessment team, the protective measures menu, the active-threat lockdown procedure, the post-incident return-to-work and witness-support sequence. You build the protocol, the manager intake form, the threat-assessment team charter, and the table-top exercise that proves the protocol works.
Module 7. Executive protection cadence for a non-celebrity employer
Most banks and regulated employers do not run a celebrity-grade executive protection programme and should not pretend to. This module covers the proportionate cadence: senior-executive travel risk briefing, residential review on appointment and on threat change, public-event protective sweep, social-media exposure monitoring, and the relationship with the executives' chiefs of staff so the function is invited in early rather than at the last minute.
Module 8. Physical-cyber convergence cases that land on your desk
The cases that don't fit either function cleanly: a tailgater who plugged a device into a lobby workstation, a contractor with a cloned badge, an after-hours alarm that turns out to be a server-room intrusion. This module covers the joint-investigation protocol with the CISO and the SOC, the chain-of-custody sequence for physical and digital evidence, and the escalation map for the first thirty minutes.
Module 9. After-hours and weekend escalation that holds
The 02:00 alarm. The Sunday-morning broken-window call. The Friday-night executive-residence concern. This module builds the on-call rota that is genuinely sustainable, the escalation thresholds that decide when the security officer is woken and when the duty shift supervisor handles it, the contact-tree maintenance discipline, and the Monday-morning review that closes every weekend incident into the standing log so nothing slides.
Module 10. The quarterly physical-risk report the committee actually engages with
The deliverable this course is built around. This module gives you the six-page format: the residual-risk heatmap by site and threat category, the top-five incidents of the quarter with root-cause and action, the contractor and access metrics, the alarm and CCTV metrics, the workplace-violence and threat-assessment activity, and the forward-look on standing controls and projects. You build the template, the data pulls behind it, and the speaking note for the committee.
Module 11. The table-top exercise programme
One table-top a quarter is enough if each one is genuinely about something the function struggles with. This module covers the exercise calendar, the scenario design discipline that picks scenarios from the previous quarter's incidents, the participant invitation that gets the operational risk function, internal audit, the people function and the CISO into the room, the facilitation script, the after-action report, and the tracking of action items from one exercise to the next.
Module 12. Brief the enterprise risk committee in six slides
Once a quarter the committee reads physical-risk in the same pack as operational, conduct, and IT risk. The slot is typically eight to twelve minutes. This module gives you the six-slide deck that fits that slot: the residual-risk position, the quarter's incidents in one chart, the top-three open issues, the regulatory and audit interactions of the quarter, the standing-controls status, and the asks of the committee. Worked sample with the speaking note that has landed in similar committees.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

When the operational risk function asks for residual-risk scores on the alarm and CCTV programmes: modules 2, 5, 10 cover the scoring framework, the data behind it, and the format the operational risk function will accept.
When internal audit pulls the contractor-access register and finds the usual reconciliation gap: modules 4 and 11 cover the reconciliation discipline and the table-top that proves it works.
When the chief people officer brings a workplace-violence concern from a line manager: module 6 covers the multi-disciplinary intake and the threat-assessment team that legal and HR will both sign off on.
When the regulator or a senior auditor asks for a walk-through of physical security: modules 3, 5 and 10 give you the lobby protocol, the CCTV pull discipline, and the quarterly report that frames it all.

What you get with this course

  • Twelve written modules with downloadable templates, sample logs and worked examples for every module.
  • The control-room shift-handover template, the alarm-response runbook decision tree, the contractor-access reconciliation workflow, the CCTV pull-request form, the workplace-violence intake form and threat-assessment charter.
  • The six-page quarterly physical-risk report template with sample data, sample heatmap and sample committee speaking note.
  • The table-top exercise scenario library with four worked scenarios drawn from common bank-security situations.
  • The hand-built implementation playbook tailored to your control-room setup and the way your employer reports physical risk to enterprise risk.
  • Access in the Art of Service learning environment for the standing version of the course and any updates issued during your access window.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours of purchase: account provisioned in the Art of Service learning environment and the hand-built implementation playbook delivered alongside it.

Weeks one to four: modules 1, 2, 4 and 5 to lock down the control-room handover, the alarm runbook, the contractor reconciliation and the CCTV discipline.

Weeks five to eight: modules 3, 6, 7 and 8 to upgrade the lobby protocol, the workplace-violence protocol, the executive-protection cadence and the convergence response.

Weeks nine to twelve: modules 9, 10, 11 and 12 to land the after-hours discipline, the quarterly report, the table-top programme and the committee brief in time for the next quarterly cycle.

Before and after

Before

You run the control room, the lobby, the alarm contract and the executive-protection cadence at a competent operational standard. The quarterly report you take to the risk committee is the same heatmap and the same incident count it has been for several cycles. The committee acknowledges it and moves on. Audit findings on the contractor-access register and the CCTV pull log recur. The function is delivering but is not seen as a contributor to enterprise risk.

After

The control room, the lobby, the alarm runbook, the contractor register, the CCTV pull log and the workplace-violence protocol all run at an audit-survivable standard. The quarterly report reads in the same language as operational and IT risk. The committee engages on standing controls and forward issues, not on whether the basics are in place. The function is invited into the cross-functional operating-model conversations earlier rather than at the last minute.

What happens if you do not address this

The quarterly report drifts another two cycles and the function stays a cost line in the operating-model conversation. The contractor-access reconciliation finding recurs and becomes the audit issue that pulls the function into a remediation programme instead of a strategic discussion. A workplace-violence or convergence incident lands on a protocol that hasn't been table-topped and the post-incident review surfaces the gap. None of these are catastrophic on their own. Together they accumulate into a function that is not trusted with the next budget cycle.

Who it is for

Built for the named security officer or head of corporate security at a bank, a financial services employer, a regulated venue, or a similarly controlled environment. You own the control room, the alarm contract, the visitor and contractor access regime, the CCTV retention policy, the executive-protection cadence, the workplace-violence response, and the upward reporting line into enterprise risk. You don't write code. You don't run a SOC. You do increasingly sit in cross-functional meetings with the CISO, the head of operational risk, the head of internal audit, the chief operating officer, and the chief people officer, where the question on the table is how physical security supports the wider control environment. This course is for the operator who needs to keep running the floor and start running the reporting layer at the same standard.

Who this is NOT for. Not for cyber-only CISOs whose remit is information security and who do not own the physical guards, locks, CCTV or visitor regime. Not for entry-level guard supervisors or shift leads who do not own the budget or the risk report. Not for residential or retail single-site security managers without a corporate reporting line. Not for venue event-day operations roles whose scope is one event at a time rather than the standing security function.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. About three to four hours per module, taken at the pace of the operational calendar. The course is structured so each module can be completed alongside running the function rather than requiring time off the floor.

Why $199 is the right number

ASIS chapter content and the standard corporate-security certifications cover the general body of knowledge for a security professional. Those are useful and not in scope here. What this course adds is the specific operating layer that a bank or regulated employer's security officer is held accountable for and the reporting language that the enterprise risk committee and internal audit already use. Generic security-management content does not give you the quarterly report format, the contractor-reconciliation workflow, or the convergence protocol with the CISO. This course does.

FAQ

I am not a CSO. I run security operations at one site. Is this still relevant?
Yes. The control-room, lobby, alarm, contractor, CCTV and workplace-violence modules are written for the operator who owns the floor. The reporting and committee modules give you the language to brief upward when the head of security or the risk committee asks for it.
Our guard service is fully outsourced. Does the alarm-response runbook module still apply?
Especially then. The runbook is what the contractor follows and what you are accountable for. The module covers how to write it, how to test it through a contractor table-top, and how to monitor compliance against it month by month.
Do I get the implementation playbook as a generic template?
No. The playbook is hand-built once you provide your control-room setup, your guard-contract structure, and the way your employer currently reports physical risk to enterprise risk. It is the tailored deliverable that sits alongside the course content.
Is there a refund window?
Standard thirty-day money-back if the course is not what you expected. The implementation playbook is built within the first week of purchase, so refund requests after the playbook has been delivered are handled case by case.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

!