DoD RMF and Security Risk Management Salaries in 2018
Introduction
As technology continues to innovate and evolve, so do its security risks. A career in security risk management, therefore, involves continuous learning and the ability to stay one step ahead of hackers, thieves, and enemies of the state. Security risk management can be a rewarding career with the top corporate position often being Chief Information Security Office (CISO). Within the Department of Defense, security managers are essential for helping implement the new Risk Management Framework (RMF), a crucial update in the way threats to the United States are assessed and mitigated. In the public sector, there are many different career paths, from freelance analyst to ethical hacker, a primary goal being to keep data accessible and secure while identifying and reducing risk.
What is the average Risk Management salary by job role?
According to Payscale, Security risk manager positions tend to pay quite well, with the lowest average salary in the upper-$60,000s. The top credential associated with security risk management, CISO, averages $165,096.
| Position | Salary |
|---|---|
| Security Manager | $68,251 |
| Facility Security Officer (FSO) | $70,333 |
| Information Security Analyst | $73,590 |
| Security Director | $83,058 |
| Information Security Officer | $95,457 |
| Information Security Manager | $113,015 |
| Chief Information Security Officer | $165,096 |
What is the average Security Risk Management salary by city?
Risk managers living in New York City, a major technology/security hub, are duly compensated for the subsequent hike in cost of living. Our nation’s capital Washington D.C. is a distant second.
| City | Salary |
|---|---|
| New York, New York | $119,078 |
| Washington, District of Columbia | $101,561 |
| Chicago, Illinois | $97,409 |
| Boston, Massachusetts | $97,273 |
| Seattle, Washington | $96,139 |
| Dallas, Texas | $92,270 |
| Atlanta, Georgia | $85,993 |
What is the average Security Risk Management salary by experience?
Security risk management pays relatively low for those with less than five years experience. However, once you’ve achieved that benchmark, the average pay dramatically increases.
| Number of years | Salary |
|---|---|
| Less than 1 year | $56,957 |
| 1-4 years | $64,866 |
| 5-9 years | $81,112 |
| 10-19 years | $102,835 |
| 20 years or more | $110,237 |
What are the benefits of becoming a Security Risk Manager?
Security risk management is a career path that is stable, growing, and vital part of nearly every organization. You will be working on the front lines of your company’s defense. If you are someone that likes to continually be challenged in a high stakes environment, these type of jobs are for you.
Do I need certification to become a security risk manager?
Certifications, while not explicitly necessary in the private sector, are often used as criteria for many security risk management positions. Additionally, someone beginning a career in risk management can use them to enhance their resumes.
In government, a number of different baseline certifications are accepted in the field of security risk management, often referred to as Information Assurance (IA). One certification that pops up in a number of DoD job descriptions is CISSP (Certified Information Systems Security Professional), issued by (ISC)².
CISSP certification can be daunting and challenging unless you have the proper preparation. Thankfully, InfoSec Institute has an award-winning seven day CISSP Boot Camp that has a 94.7% success rate.
It’s always up to date, and available online live, with an exam pass guarantee. Online mentored and public classroom options are available as well. Are you ready to take your risk management career up to the next level? Sign up for the next Boot Camp now!