There is no clash. Either security is an actual requirement for your company to function into the future, or you can outsource to a generic IT shop and change companies every 3 years, leaving a trail of stumbling corpses in your wake. Assuming you need data integrity, restricted access and good reliability, neither finance nor HR can have any say in your security arrangements. Check with your local parks department and get the necessary permits to roast the miscreants in public. Invite the whole company, not just execs. Lead by example. Follow all regulations -- ServSafe certification may be required.

To find common ground between Finance and HR on system security protocols, I would initiate a collaborative discussion to understand each department’s concerns and priorities. Finance is likely focused on data protection and compliance, while HR is concerned with employee privacy and ease of access. I would propose a balanced security approach that meets compliance standards, protects sensitive financial and personal data, and allows for smooth workflows. By emphasizing shared goals and data security, regulatory compliance, and operational efficiency I’d work towards a unified solution that satisfies both departments.

In these cases I find it is best to leverage regulatory requirements. If the organization has to meet a specific standard for compliance, their preference isn't really the driving factor and therefore the compromise would be whatever the framework requires. The key is communicating what is needed and why. If there is still a disagreement after that is outlined, perhaps the next step is to identify which department is willing to take ownership of the associated risk. Usually when these lines are drawn, 'clashes' are withdrawn. Accountability has a way of organically resolving many issues. Ultimately, the 'common ground' is to fulfill business needs, not so much appease individual departments.