The role of information security manager combines high-level vision and understanding of information security skills with management skills. In terms of the big picture, information security managers are normally the head of the information security team or department that they work in (only being outranked by Chief Information Security Officer or department director). At the micro level, information security managers make the higher-level decisions and resource allocations while leaving the hands-on IT and information security tasks to the other team members.
Typically, information security managers need to have five to 10 years of experience in cybersecurity or computer security before they earn their stripes for this position.
Information Security Manager Prerequisites
The career path of an information security manager varies: there is no one path towards this position. Rather, it is where several different-but-related career paths funnel into. Interestingly enough, you may find this position with another name – including Cybersecurity Manager, Information Systems Manager, Systems Security Director, Systems/Applications Security Manager and IT Security Director just to name a few. Regardless of the name of this position, a bachelor’s degree is required, preferably in information security, IT or computer science.
Along the “no set career path” lines, you can start with gaining experience in a number of ways (at least for the first few years). Many have earned their first experience in information security by working as an A+ technician with a heavy focus on information security. My first experience was as a help desk analyst for a non-profit organization for a few years, then I worked as a cybersecurity analyst while moonlighting in development for a few more. Within six years I reached the level of information security manager: a slightly different title, but the same job.
Earning certifications is a great idea to move toward this position as you build up the requisite experience. Two of the most popular certifications for information security managers is the Certified Information Security Manager (CISM) and Certified Information Systems Security Professional (CISSP) both offered by ISACA. Both of these certifications require at least five years of experience in the field, so these certifications need to be earned after you have a little more experience.
So What Exactly Does an Information Security Manager Do?
Just as a head controls a human body, the information security manager controls what an information security team or department does. Now I am not talking about the minutiae of day-to-day, hands-on technology changes performed by the team or department. Those tasks and responsibilities normally fall in the laps of the other information security experts on the team.
Rather, information security managers focus on the higher-level decision-making and planning for their team or department. Examples of some common higher-level tasks they perform include analyzing the budgetary restrictions of the team/department and allocating financial resources accordingly, whether to incorporate new tools and technologies, the hiring of new team members and continuously improving the information security environment against vulnerabilities and weaknesses.
Aside from the obvious information security skills put to the test daily, information security managers often have to pull from a less tangible skill set. Communication is key for information security managers, and they will often need strong communication and people skills to successfully perform this position. Information security managers are required to effectively communicate and maintain good relationships with other department heads in the organization and clearly explain complex concepts in technology to C-level officers.
Additionally, information security managers need to have strong managerial skills – which is one of those things that you either have or you don’t. Some are not cut out for this position and it is up to each candidate to know whether they are.
Information Security Manager Salary
Now for the pièce de résistance, the reason why you probably stopped to read this article – the information security manager salary. This is a salary that many will find to be comfortable. to say the least. and is much higher than the average information security or IT professional.
Drum roll, please …
As of January 11th, 2019, information security managers can expect an average annual income of $140,624, based on the national average.
The interesting thing about this is that it cuts both ways. The good thing is that with the 25% percentile the average is around $115,000 and the 175% percentile average is $155,500, so you are bound to be paid well for this position. However, the bad thing is that no matter how much experience you have, there is not too much room for advancement by way of pay raises (though that is not to say that an outstandingly phenomenal information security manager with extra skills cannot earn more). With all that said, many would find this income to be adequate for their lifestyle.
Also keep in mind that the role of information security manager is not the absolute heights of this career path. C-level executives such as CISO and CIO can potentially earn more, and they would be the logical next step for the information security manager.
Information security manager is the dream job for many working in information security. It allows an individual to put many high-power moving parts (such as top-notch information security skills, communication skills and managerial skills) together in the form of the head of an information security team or department. This position pays higher than almost any other information security position, and whether you are in the low or high percentile of information security managers, you are bound to be well paid for your time.
- Average Salary of Cyber Security Manager Jobs, ZipRecruiter
- Be an Information Systems Security Manager: Career Roadmap, Study.com