Successful candidates that manage to gain certification in CISM will find that many new doors of opportunity have been opened to them. CISM holders are far more likely to land senior roles within an organization that come with more responsibility and great benefits, as well as higher remuneration. This is due to the comprehensive nature of the CISM. This makes CISMs highly sought after IT professionals that an organization can benefit greatly from, and they are therefore a valuable asset to the company.
Only once a student has successfully completed the exam and then performed the required tasks such as accruing work experience and continuing their studies, are they then officially certified. This is no easy task however, as the requirements are very specific, including constant cycles of studying and training. This makes sure that candidates are always up to date with the CISM certification, and that they remain current with their knowledge and familiar with new technologies and emerging trends within the Information Security industry. It is for all of these reasons that the CISM is such a highly valuable certification to have.
What kind of jobs can I get with the CISM certification?
The CISM is a higher-level certification that opens up many opportunities for an individual to progress further in their Information Security career. This is because candidates can specialize after they have attained this qualification, but at the same time, they learn a multitude of invaluable skills as well as Information Security theory. This means that the kinds of jobs that a CISM can get are varied and exciting, and can lean towards managerial positions, technical roles, systems auditing, Information Security risk assessment, and even systems development roles. It is for these reasons that the CISM is such an important certification for security professionals to get.
What are the most common CISM job titles and descriptions?
The CISM encompasses many different skills and can be used in both technical and managerial positions, all the way up to the executive level of an organization. Let us take a look at 3 different job titles and what some of their basic roles entail. It is important to bear in mind that many roles overlap one another, and that this may vary from organization to organization.
Information System Security Officer
As the ISSO in an organization, your job is multifunctional in many respects. ISSOs act as the primary contact between departments in issues that relate to system security. ISSOs are in constant communication with the Information System Owner, the Business Process Owner, the Chief Information Security Officer, and Information Security Manager on all technical and logistical challenges that involve the security of the organization’s information. Some key functions of this position are:
Providing information security expertise to the system development teams
Preparing and reviewing all security documents in the organization
Ensuring that the appropriate security controls are applied to all systems
Ensuring that test data is used during system testing for consistent results
Continuous monitoring of all IT systems and detailed report analysis
Information/Privacy Risk Consultant
This role is highly focused on process and policies. There are many points of failure within any information security system, and it is the job of an Information and Privacy Risk Consultant to identify and mitigate these risks. The CISM teaches fundamental risk assessment skills that are invaluable to an Information and Privacy Risk Consultant. Documentation and policy adherence makes up a large part of what this job title requires, and the CISM teaches candidates how to stay in control of these systems. Roles that an Information and Privacy Risk Consultant may have to perform include:
Risk Analysis and Threat Assessment
Privacy Impact Assessments
Organizational Privacy Reviews
Information Security Manager
The Information Security Manager is seen as the key person responsible for the safe keeping of IT infrastructure within the company or enterprise. They are responsible for ensuring that all systems are kept safe and secure, and that data and security policies are kept up to date and are implemented to the highest standards of compliance. Security threats such as virus attacks, data breaches by hackers and cyber-criminal activities such as phishing and electronic fraud must be protected against. An Information Security manager is responsible for:
Assessing Security Measure
Developing and Implementing IT Security Policies
Managing Information Security Specialists
What Other Skills Are Beneficial To Landing a CISM Role?
The CISM covers a broad section of Information Security career paths, so for many people it is not always clear what job is waiting for them on the other side of the exam. You can expect to find roles that require multiple disciplines, such as:
What kind of salary bump can I expect after getting certified?
Candidates that have a CISM certification can expect great things on the salary front. The average salary comes in at around $128,000 USD per year, but this varies depending on the job title and job function that you find yourself performing. This is a high-level certification that usually requires that candidates already have 5 years of work experience in IT Security Management prior to writing the exam.
This work experience must have been within 10 years preceding the application of the exam. This experience can also be gained after writing the CISM, and candidates have 5 years to do it in commencing from the date that they passed the exam.
CISMs must also maintain their certification status, which adds some difficulty to keeping certified. For this reason, many employers see the CISM as an indication that the candidate is both skilled and knowledgeable in the field of information security, but also has the skills and ability to manage and create policies, and procedures while ensuring the safety and security of the organization’s information and IT systems.
Information Security Career Progression within the Organization
Many people that consider writing the CISM are not certain about the career path that they will be taking through a business, or even what roles would be compatible with the certification. The following is based on the information contained in the presentation called ‘Professionalism in Information Security: A Framework for Competency Development’ from Lynas, David; John Sherwood:
Entry Level Positions:
Security Designer Trainee
Security Systems Trainee
Security Auditor Trainee
Technical Specialists (Mid-Level Technical):
Security Product Manager
Security Systems Professional
Information Risk Consultant
Technical Managers (Mid-Level Managerial):
Account Sales Manager
Expert Level Position (High-Level Technical):
Principal IT Consultant
Senior IT Systems Professional
Senior IT Development Engineer
Senior IT Architect
Senior Information Security Auditor
Manager/Director (High Level Managerial):
Systems and Infrastructure
Information and Privacy Risk Consultant
Senior Executive Level (Executive C-Level):
Chief Information Officer
Chief Operating Officer
Chief Technology Officer
Chief Information Security Officer
Chief Architecture Officer
Find out more information in this downloadable PDF on the ISACA website, which outlines in great detail many of the factors to consider when pursuing certification in the CISM. There is a great deal of detail, and it is a great source of valuable CISM related information.
The benefits of taking and passing the CISM are obvious: better pay, more responsibility and a detailed, fundamental understanding of information security management, as well as how it relates to the successful operation of a company or organization’s Information Security. Candidates who successfully complete their CISM will be virtually guaranteed better job prospects, and will be on their way to climbing up the management structures within the organization.
It is also worth noting that the CISM is globally recognized, so candidates will find that they can work wherever they choose. This creates further opportunities for anyone that wishes to branch out and broaden their horizons in another country.
Those that are interested in finding out more about the CISM are welcome to browse the Infosec Institute Resources page and search for CISM. You will find many helpful articles that offer insights into this highly sought after certification that will assist you on your journey towards CISM certification.