DoD RMF and Security Risk Management Salaries in 2018

December 6, 2017 by Stephen Moramarco


As technology continues to innovate and evolve, so do its security risks. A career in security risk management, therefore, involves continuous learning and the ability to stay one step ahead of hackers, thieves, and enemies of the state. Security risk management can be a rewarding career, with the top corporate position often being Chief Information Security Officer (CISO). Within the Department of Defense, security managers are essential for helping implement the new Risk Management Framework (RMF), a crucial update in the way threats to the United States are assessed and mitigated. In the public sector, there are many different career paths, from freelance analyst to ethical hacker, with a primary goal of keeping data accessible and secure while identifying and reducing risk.

What is the average Risk Management salary by job role?

According to Payscale, security risk manager positions tend to pay quite well, with the lowest average salary in the upper-$60,000s. The top credential associated with security risk management, CISO, averages $165,096.

| Position | Salary |
|---|---|
| Security Manager | $68,251 |
| Facility Security Officer (FSO) | $70,333 |
| Information Security Analyst | $73,590 |
| Security Director | $83,058 |
| Information Security Officer | $95,457 |
| Information Security Manager | $113,015 |
| Chief Information Security Officer | $165,096 |

What is the average Security Risk Management salary by city?

Risk managers living in New York City, a major technology/security hub, are duly compensated for the accompanying hike in cost of living. Our nation’s capital, Washington, D.C., is a distant second.

| City | Salary |
|---|---|
| New York, New York | $119,078 |
| Washington, District of Columbia | $101,561 |
| Chicago, Illinois | $97,409 |
| Boston, Massachusetts | $97,273 |
| Seattle, Washington | $96,139 |
| Dallas, Texas | $92,270 |
| Atlanta, Georgia | $85,993 |

What is the average Security Risk Management salary by experience?

Security risk management pays relatively little for those with less than five years of experience. However, once you’ve achieved that benchmark, the average pay dramatically increases.

| Number of years | Salary |
|---|---|
| Less than 1 year | $56,957 |
| 1-4 years | $64,866 |
| 5-9 years | $81,112 |
| 10-19 years | $102,835 |
| 20 years or more | $110,237 |

What are the benefits of becoming a Security Risk Manager?

Security risk management is a stable, growing career path and a vital part of nearly every organization. You will be working on the front lines of your company’s defense. If you are someone who likes to be continually challenged in a high-stakes environment, these types of jobs are for you.

Do I need certification to become a security risk manager?

Certifications, while not explicitly necessary in the private sector, are often used as criteria for many security risk management positions. Additionally, someone beginning a career in risk management can use them to enhance their resume.

In government, a number of different baseline certifications are accepted in the field of security risk management, often referred to as Information Assurance (IA). One certification that pops up in a number of DoD job descriptions is CISSP (Certified Information Systems Security Professional), issued by (ISC)².

CISSP certification can be daunting and challenging unless you have the proper preparation. Thankfully, InfoSec Institute has an award-winning seven-day CISSP Boot Camp that has a 94.7% success rate.

It’s always up to date, and available online live, with an exam pass guarantee. Online mentored and public classroom options are available as well. Are you ready to take your risk management career up to the next level? Sign up for the next Boot Camp now!


Stephen Moramarco is a freelance writer and consultant who lives in Los Angeles. He has written articles and worked with clients all over the world, including SecureGroup, LMG Security, Konvert Marketing, and Iorad.