Chief Information Security Officer Jobs
Explore the career requirements for chief information security officers. Get the facts about job duties, education requirements and salary to determine if this is the right career for you.
What is a Chief Information Security Officer?
Chief information security officers (CISO) oversee the protection of computer networks in businesses and organizations. They directly supervise a staff of information security professionals and are responsible for the management of information security in their company or organization. Because of their level of responsibility, CISOs are typically trained in many different departments across a company and can be expected to translate their knowledge into languages that non-tech employees can easily understand.
The table below outlines the general requirements for a career as a chief information security officer.
|Degree Required||Bachelor's degree, master's degree preferred|
|Education Field of Study||Information security, information assurance|
|Other Requirements||Extensive work experience required, certification is voluntary|
|Key Responsibilities||Ensure a company is fully protected from external threats, make sure to impose minimal constraints on systems, supervise information security personnel|
|Job Growth (2018-2028)|| 5% (computer systems administrators)* |
11% (information systems managers)*
|Median Salary (2019)||$225,328**|
Source: *U.S. Bureau of Labor Statistics, **Salary.com
What Degree Programs for Chief Information Security Officers Can I Pursue?
Although a CISO needs extensive work experience to qualify for the position, programs in information security or information assurance are offered at the bachelor's and master's degree levels. Your odds of obtaining an executive position are likely to be significantly better with a master's degree. Many master's degree programs are specifically designed for working IT professionals who either work in security or want to transition into it.
Master's degree programs in information security are often multidisciplinary, integrating aspects of business administration and information technology. They acquaint you with common modes of attack against information systems as well as the protocols, procedures and methods that counter them and the constantly evolving relationship between attackers and defenders. Some incorporate exams for popular IT security certifications, such as the EC-Council Disaster Recovery Professional and the Cisco Certified Network Associate. Possible course topics include incident response management, cryptography, information architecture and information analytics.
Where Could I Work?
Your prospective employers include healthcare providers, government agencies, postsecondary institutions, insurance companies, IT services firms, manufacturers and financial services firms. The U.S. Bureau of Labor Statistics (www.bls.gov) doesn't provide figures for chief information security officers and information security officers, but does in broader categories - such as computer system administration and information systems management - that address security functions.
Employment of computer systems administrators is projected to grow 8% and employment of information systems managers is projected to grow 11% over the 2018-2028 decade. As of 2018, 383,900 people worked as network and computer systems administrators and 414,400 worked as computer and information systems managers. By extension, prospects for chief information security officers should be favorable.
What Will My Job Duties Be?
Your overarching responsibility is to assure that your employer has information security systems in place that provide maximum protection from external threats while imposing minimal constraints internally on system use. You also supervise the information security personnel who manage security protocols and respond to security breaches. Because security systems impact every department, division or area of an organization, you need to have knowledge across multiple disciplines.
Establishing and maintaining an information security system is likely to follow a defined sequence of duties or objectives. These include prioritizing your organization's security risks, defining the security system's mission, determining strategies for implementation, establishing rules and methods, assigning duties to information security personnel and training non-security personnel in security concepts. Achieving each step requires ongoing communication between you and the other executives, managers and employees of the organization to obtain their approval, cooperation and resources.
What Could I Earn?
As of November 2019, you could earn a median salary of $225,328 within the middle 80% range of $196,892-$260,122 for this career, according to Salary.com. In closely related job titles for the same year, Payscale.com reports information security officers with earnings in the 10th-90th percentile earned $58,000-$136,000, and chief information officers in that bracket earned $94,000-$248,000.
What Are Some Related Alternative Careers?
With a bachelor's degree in the technology and security field, professionals can choose a career in several areas. Computer systems analysts are the link between businesses and information technology, as they design systems to help a business function more efficiently. Information security analysts study the network of an organization to determine where security can be improved and strengthened. There are also hardware engineers who can chart new courses in computer hardware, designing devices such as routers and processors.