Information Security Manager Salary and Job Outlook

As information security continues to be a pressing concern in all sectors of business and government throughout the world, the job of information security manager is constantly in demand. Let’s take a look at the information security manager salary and job outlook in various parts of the United States.

What Is an Information Security Manager?

Since an information security manager has many shifting roles and responsibilities, the ISACA (formerly known as the Information Systems Audit and Control Association) established a set of guidelines for executives and management. It lists some of their requirements as:

  • Overseeing the establishment, implementation and adherence to policies and standards that guide and support the terms of the information security strategy. (This could be in the form of creating “best practices” guidelines and materials for new hires or specific department protocols)
  • Communicating with executive management to ensure support for the information security program
  • Overseeing and conducting risk management activities (risk assessment, gap analysis, business impact analysis and so on) to help the enterprise reach an acceptable level of risk
  • Advising and making recommendations regarding appropriate personnel, physical and technical security controls
  • Managing the information security incident management program to ensure the prevention, detection, containment and correction of security breaches. (This could involve: conducting simulations or real-world drills, hiring and managing ethical hackers, and so on)
  • Reporting appropriate metrics to executive management. For example: number of incidences blocked; analytics from phishing simulation programs noting the number of phony emails clicked; number of employees that have successfully completed educational programs and so on
  • Participating in resolving problems with security violations
  • Creating an enterprise-wide information security education and awareness campaign. These can be in the form of videos, printed materials, emails, company-wide memos, meetings, Security Champions and more
  • Coordinating the communication of the information security awareness campaign to all (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Stephen Moramarco. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/TIaWfMgX3Jg/