Average CISM salary [2022 update]

September 14, 2022 by Simon Puleo

If you have five or more years of experience in cybersecurity and are looking for your next move, consider a Certified Information Security Manager (CISM) certification. CISM is designed for information security professionals who want an active role in managing, designing, overseeing and assessing an enterprise’s information security program. 

A CISM provides the essential skills needed to view and manage security from a holistic perspective: managing security programs, developing asset risk management models, providing security governance and delivering incident management plans using NIST frameworks. If you like managing the big picture while at the same time using your technical skills, this certification is for you. 

The great news is that with added responsibility comes increased earning potential. Security managers typically make 30% to 50% more than security specialists and have CISO as the next rung in their career ladder.

What is the average CISM Salary?

Salaries vary greatly depending on several different factors, including years of experience, the city where you’re employed and the actual job role you fill. The salaries in our research range from $94,000 to $232,000.

According to the U.S. Bureau of Labor Statistics (BLS), employment of Computer and Information Systems Managers is projected to increase 11% from 2020 to 2030, with 2021 median pay of $159,010 per year ($76.45 per hour).

According to the Certification Magazine 2022 Salary Survey, the average salary of an ISACA Certified Information Security Manager is $150,040 in the U.S. and $118,087 worldwide.

Payscale lists base pay at $131,000, and Glassdoor lists $122,002 base pay with total compensation at $145,767.

Again, pay depends on several factors, including your experience managing teams and years of experience in security and IT.

While pay varies depending on individual circumstances, IT managers across industries are, on average, paid equally, with small variances based on the organization.

  • Computer Information $165,940 
  • Finance and insurance $162,240 
  • Computer systems design and related services $162,150 
  • Management of companies and enterprises $161,630 
  • Manufacturing $160,010

Average CISM salary by state

According to, the potential median salary for a CISM certificate holder in the United States is $131,209. The pay will vary significantly depending on where you live.

  • New Jersey — $143,637
  • Washington — $131,024
  • California — $120,119
  • Illinois — $108,905
  • Texas — $105,367
  • Georgia — $94,423

You can also create a customized search on to see roles that require a CISM in your area:

Average CISM salary by job role 

Job titles related to CISM and their corresponding median salary and range (as per are reported below.

  • CISO (Chief Information Security Officer) — $232,103
  • Security Director — $167,280 
  • Cyber Security Architect Manager — $152,678
  • Security Manager — $101,617   

CISM distinguishes you from other security certifications

While certifications like CompTIA A+ and CISSP demonstrate your knowledge, CISM sets you apart with an emphasis on the management of both people and security processes. 

Through CISM, ISACA emphasizes managing security strategies and assessing the policies and procedures used for information security concerning the needs of the business.

This high-earning certification is accepted as a standard worldwide for professionals in charge of IT security programs and IT auditing and control.

Preparing for your lucrative CISM career

With CISM on your side, you’re looking at an upward career trajectory and CISO as the next rung on your career ladder. How should you get started?

Check out Infosec’s ISACA CISM hub. It covers all things CISM, including free study resources, exam details, where and how to take the exam and tips for landing your first CISM job.

While the CISM hub has everything you need to start your CISM path, you can also view the four CISM domains in these articles:

There’s no shortage of opportunities to learn about CISM, pass your CISM exam and launch your career. 


Simon Puleo, Certified Ethical Hacker (CEH), is an educator by day and a security researcher at night. Simon has trained employees, customers and partners on security tools, methods and practices at Contrast Security, Micro Focus and HPE. He specializes in helping apply the NIST framework working across many domains including IAM, application security, network security and SIEM. Simon is a thought leader actively engaged in researching the cyber-threat landscape and sharing his perspectives in seminars and articles.