What is an Information Security Director?
An information security director oversees the information technology security operations of a business. While this is a managerial position, the information security officer typically reports to the officers or chief managers of the company. This is a job that fits within the broad spectrum of information technology at a company.
The information security director does a variety of jobs. Duties can include security investigations; being aware of vulnerabilities that the company's system has and knowing relevant threats that may attack; managing a budget; holding training for people who will use the system; preparing reports; managing security programs; and acting as the central information center during crisis management. The information security director can also expect to hire and fire personnel.
|Education Requirements||Bachelor's degree in computer science related field; possibly a master's degree|
|Job Duties||Oversees technical information security, acts as the central communication point during emergencies, creates training, reports to management|
|Median pay (2019)||$175,859*|
|Job Outlook (2018-2028)||11% (computer and information systems managers)**|
Sources: *Salary.com; **U.S. Bureau of Labor Statistics
Training for an Information Security Director
Potential information security directors should have a four year college degree in a computer science related field. The person may also need to have a graduate degree, preferably with an emphasis on IT security, if he or she is applying to a large company.
It is common to begin in one IT job, gain experience, and to advance to being an information security director. Entry level jobs could be as a security administrator or a network administrator. The next level up might be to take a job as a security specialist, security auditor, or security engineer. Beyond that could be a position as a security manager, a security architect, or an IT project manager.
Employers may expect the new information security director to have 5-7 years of experience in information security before they will hire the person for the director's position. Some certifications may also be required,like the CISM (Certified Information Security Manager), CSSP (Cyber Security Service Provider), and CISA (Certified Information Systems Auditor).
Hard skills the job candidate may need include knowledge of C#, C++, Java, Windows, Linux, and hands-on practice with network security architecture. It wouldn't hurt to also be knowledgeable of IT strategy, security architecture, and COBIT frameworks. The information security director may also deal with information risk assessment, threat intelligence software, vulnerability management software, and IT security assessment.
The job candidate should also have soft skills, with an emphasis on negotiating and clear communication skills.
While the 2019 median pay according to Salary.com is almost $176,000 per year, about ten percent of these directors were earning about $144,000 per year. On the top end, about ten percent were earning over $213,000 per year at that same time. The job outlook for the similar career of computer and information systems managers is expected to increase much faster than average from 2018-2028, meaning there should be many jobs available during that decade.
Information security directors come from backgrounds of different specialties, and they can move from this job to other occupations, as well. Here are some jobs that are related to being an information security director.