Skip to content ↓ | Skip to navigation ↓

Given the evolving threat landscape, it is no surprise that the field of information security is booming. A report issued by Burning Glass Technologies reveals that job postings across the industry have grown 74 percent between 2007 and 2013—twice the rate of all other IT jobs.

Not only that, but the field is expected to continue to grow over the next few years, with the Bureau of Labor Statistics forecasting a 37 percent increase in Information Security Analyst positions alone between 2012 and 2022.

All of this growth makes the field of information security an exciting career choice. At the same time, however, the industry’s expansiveness complicates the process of selecting a specific career path.

After researching the field of information security, we’ve gathered the top 10 infosec jobs based on overall pay grade:

#1: Chief Information Security Officer (CISO)

A CISO is a C-level management executive whose primary task is to oversee the general operations of an organization’s IT security department and other related staff. The organization’s overall security is the foremost concern of the CISO. As such, persons who aspire to become a CISO must demonstrate a strong background in IT strategy and security architecture.

They must also possess people and communication skills, which they are expected to use when assembling and managing a team of IT security experts, as well as when consulting with other organizational executives and/or federal agencies depending on the nature of their workplace.

CISOs make a median salary of $131,322, according to PayScale’s 2015 estimates. On the lower end, CISOs can expect to make at least $81,000, but those in some of the larger organizations can earn as much as $240,000 a year.

#2: Security Architect

A Security Architect is a senior-level employee who is responsible for building and maintaining the computer and network security infrastructure for an organization. This position requires that individuals develop a comprehensive picture of an organization’s technology and information needs, which they can then use to develop and test security structures designed to protect those systems.

Security Architects are expected to be knowledgeable in a diverse set of technical skills, including ISO 27001/27002, ITIL and COBIT frameworks, risk assessment procedures, operating systems, and perimeter security controls.

Security Architects make a median salary of $109,794. According to PayScale, those on the lower end of the spectrum make around $84,000, whereas the highest-paid Security Architects earn approximately $160,000.

#3: Security Director

A Security Director is a senior-level employee whose task is to oversee the implementation of all IT security measures throughout an organization. As such, Security Directors are responsible for designing, managing and allocating resources to various security programs within an organization’s security department; creating user awareness and security compliance education campaigns; interacting with non-management employees; and offering key assistance to law enforcement in the event of a security incident and subsequent investigation.

Security Directors are expected to possess backgrounds similar to those of CISOs with respect to their knowledge of IT strategy, enterprise architecture, and other security-related concepts. In fact, Security Directors report directly to a CISO and generally assume the position of this executive role in smaller organizations.

Security Directors’ median salary is variable, ranging from $104,775 to $116,245. PayScale’s 2015 estimates locate the salary range for Security Directors between $66,000 and $180,000.

#4: Security Manager

A Security Manager is a mid-level employee who is tasked with managing an organization’s IT security policy. Soft skills, such as leadership and strong interpersonal and communication skills, are therefore crucial for successful Security Managers. Individuals who are interested in becoming a Security Manager must be prepared to create and execute security strategies based on the input from the Security Director and/or the CISO.

They must also test and implement new security tools, lead security awareness campaigns, and administer both department budgets and staff schedules. Security Managers are expected to have a thorough background in programming, enterprise architecture, and IT strategy. However, a deep familiarity with these areas of focus is not generally required.

Security Managers make on average a salary of $100,215. They can expect to earn at least $71,433, according to PayScale, but those in larger organizations can make as much as $143,374.

#5: Security Engineer

Security_EngineerA Security Engineer is a mid-level employee who is responsible for building and maintaining the IT security solutions of an organization. In this capacity, Security Engineers configure firewalls, test new security solutions, and investigate intrusion incidents, among other duties, all while reporting to the Security Manager.

Candidates who aspire to become Security Engineers must possess a strong technical background in vulnerability and penetrating testing, virtualization security, application and encryption technologies, and network and web-related protocols. The more tools and concepts with which a Security Engineer is familiar, the more they can help troubleshoot any problems with an organization’s security systems.

Security Engineers make a median salary of $86,996, according to PayScale’s 2015 estimates. Those who enter the field of information security as Security Engineers can expect to make at least $57,000. However, some can earn as much as $128,000 a year.

Part 2 of our list of the Top 10 Highest Paying Jobs in Information Security is here

10 Ways Tripwire Outperforms Other Cybersecurity Solutions
  • Braye

    Wow, very informative. This came at a right time when considering a career in Info. Sec. Well, I'm not sure if this applies to Canada.

    • lexmajor

      Pretty much. I'd say salaries listed are a big higher than what you'll encounter, which means they are about the same listed amounts in CAD.

  • Micheal Ethan

    The high-profile security breaches of the past few years have made it clear that organizations need to do everything necessary to safeguard their technology stack and databases against both internal and external threats. According to a new analysis of Dice salary data, that need has translated into salaries for certain tech professionals that greatly
    exceed the baseline for tech-pro salaries.Lead Software Security Engineers, Directors of Security, Security Consultants and others tasked with repelling cyber-threats can expect to earn six-figure salaries per year—so long as their skills, experience and certifications prove to be a match for very demanding roles that are continuously evolving. With that in mind, here’s a list of the top 10 security jobs, ordered by average salary for 2015.

  • Cate Lewitt

    Thanks for an interesting piece! Information security is a promising field and the most pleasant part of it for me is the possibility of working from home. For example, quite a number of freelance tech jobs can be found here, including information security ones. That’s great! And this website is also nice: high rates, a lot of other jobs (not only in technology) and no commission fee.

<!-- -->