Security Is a Real Job
By now, hopefully, one of the implications of the regular security routine I've prescribed should be apparent: somebody needs to be responsible for dealing with security matters on your systems and networks. If it's not your job, it had better be somebody else's; if it's your job, that job must be done.
Regular, scheduled security work means you'll need to make time for this activity, too. As you learn your way around this area, or get familiar with your environment's security requirements, things will take a bit longer while you're climbing the learning curve. Over time, you should be able to handle routine activities more quickly. Likewise, it's important to leave time (and to have the right resources available) to perform regularly scheduled security assessments, audits, penetration tests, and scans. These periodic activities permit you to survey the current health of your systems and networks from a security standpoint, and to plan appropriate changes or upgrades to your local security infrastructure.
By the same token, it's important to make security part of your maintenance routine, too. If you upgrade your firewall software, you'd better run your penetration tests against it before pronouncing it fit for production use (it's amazing how much impact an unexpected return to defaults or factory presets can have on a local security infrastructure). The same is true when you upgrade systems or applications, apply security patches or fixes, or undertake other regular maintenance or upkeep work.