Chief Information Security Officer: Job Description and Requirements

Sep 11, 2019

Learn about the education and preparation needed to become a chief information security officer. Get a quick view of the requirements as well as details about schooling, job duties and certification to find out if this is the career for you.

Chief information security officers ensure the security of technology in organizations by establishing and managing protocols. This generally includes securing computer software, websites, and databases. Chief information security officers typically have a bachelor's degree, but master's degrees are becoming more common.

Essential Information

Information technology professionals who have experience in maintaining computer system security and an interest in business management might consider becoming chief information security officers (CISO). A CISO is an executive who is responsible for safeguarding data held by a company or organization. A bachelor's degree and previous experience in systems security are typically required by employers. Product and professional information security certifications are available, but not required by all employers.

Required Education: Bachelor's degree; graduate degrees becoming more common
Other Requirements: Several years of experience in systems security; management skills
Certification: Optional product and professional information security certifications are available
Projected Job Growth (2018-2028): 11% for all computer and information systems managers*
Average Salary (2019): $159,000 annually**

Sources: *U.S. Bureau of Labor Statistics, **

Job Description

Working with business managers, chief executive officers and information technology (IT) managers, CISOs observe and monitor the security of websites, applications, computers and databases. They may establish company-wide security protocols that require user identification and passwords and protect networks from hackers.

CISOs must keep current on antivirus software, firewalls, and other security systems. They develop emergency procedures for handling security breaches, manage internal communication regarding system updates and provide estimates of budgetary requirements for technical upgrades.

Job Requirements

Many CISOs work their way up from IT positions after acquiring several years of experience in systems security and demonstrating managerial skills. In addition to on-the-job experience, the U.S. Bureau of Labor Statistics (BLS) reports that IT management positions typically require at least a 4-year degree, though a graduate degree is becoming common.

Educational Requirements

To start on the path to becoming a CISO, interested IT professionals could pursue a bachelor's degree in a related field, such as computer science, business administration or information science and security. Students may take relevant classes, such as programming languages, database management, technical writing and calculus.

In order to hone the business management skills required of this position, candidates would benefit from a master's degree program in business administration (MBA) with a specialization in information security management. Aspiring CISOs enrolled in such an interdisciplinary MBA program can study marketing, accounting and finance, as well as Web analytics and computer system security.

Employment Outlook and Salary Information

The BLS groups chief information security officers with the general computer and information systems manager category. The outlook for these managers is favorable, with a much faster than average growth of 11% expected over the 2018-2028 decade. reported that salaries for chief information security officers range from $104,000-$222,000 in August 2019, with the median wage being $159,000 annually.

Certification Options

The BLS recommends voluntary certification as an additional means of demonstrating technical proficiency. Though not required by all employers, CISOs may obtain product certifications directly from vendors, such as Cisco's certified network associate security certification. Additionally, professional certifications for information security professionals are available through the International Information Systems Security Certification Consortium and the Global Information Assurance Certification.

Chief information security officers assess and manage the security of technology platforms in an organization to safeguard data. This often involves the use of firewalls and antivirus software. Many chief information security officers hold a master's degree and some obtain certification.
