As information security continues to be a pressing concern in all sectors of business and government throughout the world, the job of information security manager is constantly in demand. Let’s take a look at the information security manager salary and job outlook in various parts of the United States.

What Is an Information Security Manager?

Since an information security manager has many shifting roles and responsibilities, the ISACA (formerly known as the Information Systems Audit and Control Association) established a set of guidelines for executives and management. These guidelines list some of the role’s requirements as:

  • Overseeing the establishment and implementation of, and adherence to, policies and standards that guide and support the terms of the information security strategy. (This could be in the form of creating “best practices” guidelines and materials for new hires or specific department protocols.)
  • Communicating with executive management to ensure support for the information security program
  • Overseeing and conducting risk management activities (risk assessment, gap analysis, business impact analysis and so on) to help the enterprise reach an acceptable level of risk
  • Advising and making recommendations regarding appropriate personnel, physical and technical security controls
  • Managing the information security incident management program to ensure the prevention, detection, containment and correction of security breaches. (This could involve conducting simulations or real-world drills, hiring and managing ethical hackers, and so on.)
  • Reporting appropriate metrics to executive management. For example: number of incidents blocked; analytics from phishing simulation programs noting the number of phony emails clicked; number of employees who have successfully completed educational programs and so on
  • Participating in resolving problems with security violations
  • Creating an enterprise-wide information security education and awareness campaign. These can be in the form of videos, printed materials, emails, company-wide memos, meetings, Security Champions and more
  • Coordinating the communication of the information security awareness campaign to all members of the organization and its vendors, auditors, executive management and user departments to enhance information security

In other words, an information security manager is focused on analyzing and aligning security risk and protocols with the company’s policies and goals, as well as overseeing the people who run the day-to-day operations.

Pay Scales

PayScale currently shows an average pay of $110,112 per year, but total pay can reach up to $145,329.

The top cities and their median salaries are listed as:

  • San Francisco: $166,328
  • Seattle: $136,788
  • New York: $134,056
  • Houston: $129,830
  • Boston: $124,038
  • Washington: $122,784

Additionally, the ISACA has created the Certified Information Security Manager (CISM) credential, which has become an industry benchmark for competence in the field. The CISM has been around since 2003 and, according to our analysis, is currently considered the highest-paying credential in the field of information security.

The CISM consists of 150 multiple-choice questions regarding information security including management, risk management and compliance, program development and incident management. In order to qualify, you must have at least five years’ experience in information security and three years of experience specifically in infosec management.

Those with the CISM can see a substantial increase in average pay. According to PayScale, it reaches about $122,000.

Top cities for CISM and their salary ranges:

  • New York, New York: $92,551 – $183,259
  • Washington, District of Columbia: $90,637 – $155,370
  • Dallas, Texas: $86,147 – $154,633
  • Atlanta, Georgia: $78,509 – $151,734
  • Seattle, Washington: $86,509 – $150,474

In addition to the information security manager, the CISM is also a beneficial certification for an information security system officer (ISSO), who is often a conduit between departments on security issues. It also aids information or privacy risk consultants, whose job it is to document and assess threats as well as ensure policy is followed to minimize risk.

Information Security Manager Job Outlook

Because information security is getting increasingly complex and new threats come online every day, the job outlook for information security managers is quite positive. While specific U.S. Department of Labor statistics are not available, the related job of information security analyst shows a projected growth of 28%, much higher than the average growth of all occupations at 7%. One can safely assume that the job of information security manager will be growing along those lines.

Sources

  1. The Job Description for an Information Security Manager, Chron
  2. Information Security Analysts, Bureau of Labor Statistics
  3. Information Security Manager, PayScale
  4. Salary for Certification: Certified Information Security Manager (CISM), PayScale