Day in the Life of a Security Manager


Updated November 8, 2022

Curious about a day in the life of a security manager? Learn what to expect in this role, including common work environments, collaborators, job duties, and responsibilities.


A security manager oversees an organization's information technology (IT) security needs. In this high-level role, security managers minimize security risks, respond to security threats and attacks, and develop best practices and procedures to safeguard information for their organizations.

Typical work environments include the computer systems design, information, finance and insurance, and management industries. Security managers typically supervise other IT workers, such as security software developers, information security analysts, vulnerability assessors, and computer systems analysts.

This guide details what to expect from a day in the life of a security manager, including main job duties, responsibilities, and work settings. We also cover the typical requirements for someone who wants to become a security manager.

What Is the Job Description of a Security Manager?

Security managers, also called cybersecurity managers and IT managers, oversee organization-wide information security procedures and processes. They supervise other IT workers, analyze security risks, and make security recommendations and policies.

The job description of a security manager varies by position, employer, and industry. At a small organization, a security manager typically takes on more responsibilities than at a large firm.

A security manager needs at least a bachelor's degree in computer science or a cybersecurity-related field. Most security manager jobs require at least five years of experience in a relevant IT position. Some high-level roles with large companies can require as much as 15 years of experience.

Many employers prefer candidates with master's degrees in IT or business-related fields, along with relevant professional certification.

What a Security Manager Does Day to Day

Security managers primarily oversee the procedures, policies, and actions that protect their organization's networks and information security. The specifics of the day to day in security management depend on your employer and industry.

In smaller organizations, security managers may take on more technical day-to-day work. At larger companies, they primarily focus on high-level issues. A security manager's role can grow over time as they take on more responsibilities and advance to positions such as security director and chief information security officer (CISO).

A security manager typically interacts with their organization's executive team, making recommendations about IT security best practices and upgrades. Cybersecurity managers also usually supervise other IT workers, including information security analysts, computer support staff, and software developers.

Because security managers must ensure that their organization's information remains safe, it can be very stressful when something goes wrong. The normal day to day may also become repetitive.

Individuals with strong leadership, organizational, communication, and analytical skills can thrive in this role. Security managers also need a firm foundation in general information technology theory and skills, general business acumen, and specialized knowledge of cybersecurity issues.

The following section includes some of the main duties of cybersecurity managers.

Main Duties of Cybersecurity Managers

IT Employee Management: These professionals typically supervise other IT and cybersecurity workers. They may oversee computer support specialists, information security analysts, incident responders, and security specialists, depending on their industry and organization size.

Monitoring Computer Networks: Cybersecurity managers watch and analyze computer networks to find potential vulnerabilities. Security managers usually do some of this work themselves, but they may also help oversee other security professionals in this activity.

Maintaining Computer Hardware Systems: Security managers oversee the regular maintenance of their companies' computer hardware systems. Maintenance through defragmenting hard drives and installing anti-virus software can help extend the computer system's life or reveal potential problems. Depending on the size of the firm, a security manager may directly participate in this work or delegate to others.

Overseeing Software Upgrades and Updates: Security managers must keep track of software upgrades and updates to keep computer networks safe from viruses and potential cyberattacks. Depending on the size of their company, they may participate directly in this work or oversee the labor of other IT workers.

Making Security Recommendations: Cybersecurity managers must stay current with changes in cybersecurity technology, procedures, and best practices. This fast-changing field requires security managers to adjust their recommendations frequently based on new viruses or improvements. They typically make their recommendations to company executives and communicate changes to the rest of the organization once approved.

Nonstandard Duties for Cybersecurity Managers

Resource Management: Depending on where they work, cybersecurity managers may oversee many kinds of resources, including people, budgets, and physical materials like computer hardware and software. Security managers must make decisions about the most efficient and effective use of their organizations' resources.

Ensuring Compliance with Rules and Regulations: A security manager may need to make sure that their organization complies with IT security rules and regulations. There are specific rules that companies must follow to protect customer data, particularly in healthcare and finance.

Professional Development: Cybersecurity managers do not usually complete professional development activities every day, but it is important to keep up with changes in the field. This may include attending information security-related conferences, webinars, or workshops.

Auditing Business Practices: One way to find potential IT security risks or computer network vulnerabilities is to periodically conduct a company-wide audit of practices. Security managers can use audits to identify procedures that do not fall in line with current best practices. They may also apply their findings to make security upgrade recommendations.

Training Employees: Although not an everyday task, security managers sometimes provide training to other IT and security employees. In some cases, they may participate in organization-wide training with non-technical staff.

A Typical Day for a Security Manager

A typical day in the life of a security manager varies depending on where you work. Firm size, industry, and employer all affect what you can expect. The following sample schedule provides an idea of what to expect from a typical day for a cybersecurity manager.

8 a.m.: Arrive at the office. Say hello to coworkers and get coffee. Check your email and see what is on your agenda for the day.

8:30 a.m.: Executive meeting. Meet with the company's executive team to discuss some IT security improvements and upgrades you want to make. Present your plans and then take questions.

9:30 a.m.: Cybersecurity team meeting. Meet with your team and explain what happened at the executive meeting. Discuss what to expect from a training session that you will lead that afternoon.

10:30 a.m.: Monitor the company computer network for any unusual activity or potential risks.

12 p.m.: Lunch to celebrate a retiring coworker.

1 p.m.: Catch up on emails.

2 p.m.: Lead security training for your cybersecurity team. Explain a new security software program that everyone will use going forward.

4 p.m.: Read professional publications to keep current on trends in cybersecurity.

Where Security Managers Work

Your location and industry can affect the availability of security manager jobs. It can also significantly change a security manager's day-to-day tasks, interactions, and responsibilities.

The Bureau of Labor Statistics reports that some states offer more employment opportunities and better salaries for this career than others.

The highest-employing state is California, where 92,880 people work as computer and information systems managers, a category that includes IT security managers. California is also the second-highest-paying state for this occupation, with workers making a median annual salary of $193,500.

Other states that employ the most computer and information systems managers include Texas, New York, Florida, and Massachusetts. Top-paying jurisdictions include New York, New Jersey, Washington, and Washington, D.C.

Depending on your location, it can make sense to apply for jobs in other states and consider relocating. Weigh the pros and cons of moving for a job, including the cost of living, salary potential, future career growth opportunities, and quality of life.

Security managers work in industries like computer systems design, information, and finance and insurance. The management and manufacturing sectors also employ IT security managers.

In large organizations, security managers usually take advanced roles, often within executive teams. Cybersecurity managers at smaller companies may take a more hands-on approach and participate in the technical work themselves.

Should You Become a Cybersecurity Manager?

A career as a security manager can offer excellent salaries, stability, and the opportunity to advance over time.

However, not everyone will want to spend the time it takes to get the education and experience required for this role. Security managers typically spend 4-6 full-time years earning degrees. Higher education takes a lot of hard work and usually requires a significant financial investment as well.

Before they can land their first security manager job, professionals typically spend at least five years gaining experience. Future security managers may work in lower-level information security roles like information security analyst, incident responder, or security software developer.

It can be a long road, but for the right person, becoming a security manager can pay off and lead to a successful long-term career.

How to Prepare for a Career as a Security Manager

The first step in preparing for a career as a security manager is to find a bachelor's program in computer science or a cybersecurity-related field.

Some students pursue master of business administration degrees to open the door to better salaries and more career opportunities. Many continue working in related IT security roles while in graduate school.

Although not required, security managers find it useful to earn professional certifications. Common in the tech industry, certifications let workers prove their skills to employers. These credentials may especially suit people who lack traditional college degrees but have completed cybersecurity bootcamps.

In addition to required education and optional certifications, security managers usually need at least five years of professional experience.


Professional Spotlight: Dr. Lisa McKee, Ph.D., CISA, CDPSE, CRISC


What's a typical day like for you?

I have a unique job as the director of governance, risk, compliance, and privacy. I am a member of the security team and report directly to the CISO. At most organizations, each function of my team is a different business unit, but here I am responsible for many areas, making every day different, and I love that about my job.

There are days I am researching laws to ensure compliance with regulatory and contractual obligations. Some days are spent on vendor management, conducting due diligence reviews, and reading contracts for security and privacy posture.

There are days I work on updating company policies and times spent collaborating with teams to address questions they have and identify solutions that meet the organization’s compliance requirements. There is no typical day; it varies depending on what issues arise and what has priority.

What other teams do you work with on a regular basis?

Collaboration with the legal department is vitally important. I am not a lawyer and defer to the legal team to provide guidance on the interpretation of laws and regulations. Then I collaborate with teams across the organization to communicate the policies and controls for security and privacy needed to meet the laws and regulations.

I work with teams across business operations and engineering to discuss system design and development for security and privacy. I also support the sales team by assisting with responses to customers’ questions relating to our compliance posture. Collaboration with the training team is also necessary to deploy security and privacy awareness training for the organization.

I collaborate with my counterparts on the security team for a variety of security and privacy-related projects. For security, it is my responsibility to ensure there are strong controls in place to protect the data. Privacy is multi-disciplinary and impacts everyone in the organization because personal data is everywhere.

Is there a lot of collaboration in your role as a security manager? Or is it mostly independent work?

The role of a security manager requires collaboration with others on everything. Change a control and it impacts both the customers and employees. When you update training, that impacts everyone across the organization. New or updated laws may affect many teams depending on the change.

The role of a security manager is to inform, educate and be a business partner with others across the organization. This is not a hands-on keyboard role; anything we do requires input, collaboration, and involvement from others.

Do you work in an office or from home (or a hybrid)?

I work from home, but there are times when the team will meet in the office for strategy and planning sessions. Using an old-fashioned whiteboard and markers is still the best collaboration method when discussing workflows, processes, and strategies.

What's your favorite part of being a security manager? The most challenging part?

I love that every day is different. I enjoy helping others solve problems in practical ways they never considered. Sharing my knowledge with others and mentoring them is humbling. It was heartwarming when my manager recently told me colleagues have said to him that they "leave meetings with Lisa smarter and wonder how she knows everything."

While I am highly educated with a diverse and unique skill set, I do not know everything, but it is humbling to hear I am making a difference and people know they can come to me with questions, and I will partner with them to find the answers and right solution for their situation.

Any other insights about your day to day as a security manager that may help people considering this career path?

Not all jobs are the same. The responsibilities I have may be different at other organizations, especially large organizations that have numerous security professionals. You will never know everything or have all the answers, but always keep learning. IT, security, and privacy are domains that are changing daily. Especially privacy, as new privacy laws are constantly being passed and updated.

For whom do you think this career is a good fit? Why?

Individuals that enjoy challenges are a good fit because it takes collaboration and creative thinking to solve issues. Innovators also work well because we are constantly seeking new ways to solve business challenges and pushing the boundaries of the status quo. Individuals that enjoy writing and communication are also strong candidates as the role requires lots of communication with others and writing policies, assessments, reviewing legal contracts, etc.

This may be a good fit for someone who wants to get into security and privacy but may not be good at the technical aspects. I started my career as a software engineer and absolutely hated it. I stuck with it, learned what I could, and then transitioned to other roles that were a better fit. I use the technical knowledge daily, providing guidance on security and privacy controls.

Dr. Lisa McKee, Ph.D., CISA, CDPSE, CRISC, has 20 years of industry experience in many domains of IT, security, privacy, software development, GRC, and auditing. Dr. McKee assists companies by conducting security and privacy assessments, program implementation, and managing compliance.

Lisa is a highly regarded security and privacy expert and a regularly featured speaker at conferences and events locally, nationally, and globally including RSAC. Dr. McKee is a member of the Accredited Standards Committee X9 and provides input on industry standards.

Dr. McKee has led NIST working groups and is a member of several professional association boards for ISACA and IAPP. Dr. McKee is passionate about privacy and security and enjoys sharing her knowledge with others as a mentor and adjunct instructor for security and privacy courses.

FAQ About the Day to Day of Security Management


What are the main responsibilities of cybersecurity management?

A cybersecurity manager's day-to-day responsibilities include monitoring computer networks for vulnerabilities, managing other IT employees, and overseeing software upgrades and updates. The job description of a security manager can vary significantly depending on the organization.

Is a security manager's day to day stressful?

The day to day in security management can be stressful. Security managers have a lot of responsibility — mistakes can directly cost their organizations money.

Do cybersecurity managers like their jobs?

It depends on the person and their specific duties, but many cybersecurity managers like their jobs. Payscale data reveals that, on average, information security managers report high satisfaction with their careers.

What are the most challenging aspects of security management?

Security management can be challenging due to the constantly changing nature of the field. Security managers need to keep track of new technologies and best practices. Also, the job can be stressful amid breaches and other intrusions.
