What Does a Security Manager Do?
The Short Version
An Information Security Manager is expected to manage an organization’s IT security in every sense of the word – from devising imaginative security solutions to implementing policies and training procedures.
Although your technical skills may take a backseat, you will be the driving force behind your company’s security measures.
Security Manager Responsibilities
As part of this mid-level management job, you may be required to:
- Create and execute strategies to improve the reliability and security of IT projects
- Define, implement and maintain corporate security policies and procedures
- Spearhead vulnerability audits, forensic investigations and mitigation procedures
- Respond immediately to security-related incidents and provide a thorough post-event analysis
- Manage a diverse team of security administrators, analysts and IT professionals
- Act as a key liaison between upper-level management, programmers, risk assessment staff and auditors
- Institute organization-wide training in security awareness, protocols and procedures
- Ensure compliance regarding staff security and clearance
- Assess, test and select new security products and technologies
- Prepare cost estimates and identify integration issues
- Administer department budgets and staff schedules
Security Manager Career Paths
Security Managers typically get their start in entry-level administrative positions such as:
- Security Administrator
- Network Administrator
- System Administrator
After getting your foot in the door, you might consider a more specialized security position that will give you the required work experience. For instance:
Once you are a Security Manager, you might progress to top-level security positions:
You will often see similar job listings for:
- Information Systems Security Manager
- Information Security Manager
- IT Security Manager
- Systems/Applications Security Manager
- Security Manager (Systems/Applications/Information)
Security Manager Salaries
According to Payscale, the median salary for an Information Security Manager is $100,215 per year (2014 figures). Overall, you can expect to take home a total pay of $69,984 – $142,816. This includes your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
However, insiders will tell you that $69,984 is too low. Job salaries in the Midwest should start at a minimum of $85K. Figure will be higher on East and West Coasts.
Security Manager Job Requirements
Security Managers are expected to have, at minimum, a bachelor’s degree in Computer Science, Cyber Security or a related technical field.
If you don’t have a technical degree, you could consider gaining a master’s degree with a concentration in IT security. You can bolster this qualification with training and professional certifications.
Since this is a management position, employers want to see 5-10 years of work experience in information technology. Many job descriptions will specify that at least 3-5 of these years must be in the field of information security.
Security Managers should have a “ground-up” knowledge of programming, architecture and IT security. As you build your career, you might consider honing your skills in:
- Practices and methods of IT strategy, enterprise architecture and security architecture
- Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
- ISO 27001/27002, ITIL and COBIT frameworks
- PCI, HIPAA, NIST, GLBA and SOX compliance assessments
- Windows, UNIX and Linux operating systems
- C, C++, C#, Java and/or PHP programming languages
- Firewall and intrusion detection/prevention protocols
- Secure coding practices, ethical hacking and threat modeling
- TCP/IP, computer networking, routing and switching
- Network security architecture development and definition
- Knowledge of third party auditing and cloud risk assessment methodologies
Soft skills play a huge role in management positions. Every day, you will be collaborating with CISOs, outside vendors and teams of engineers and analysts. That means employers will want to see proof of outstanding leadership, oral and communication skills.
They are also going to be looking for efficient multitaskers and creative problem-solvers. Like general contractors on a building site, Security Managers are responsible for addressing a dizzying array of company issues.
Certifications for Security Managers
Security Managers are fairly high up in the hierarchy, so certifications are recommended. Generally speaking, CISSP and CISM are the two most requested qualifications from employers.
- CISM: Certified Information Security Manager
- CISSP: Certified Information Systems Security Professional
- CISSP-ISSMP: Information Systems Security Management Professional
- GSLC: GIAC Security Leadership