Are you ready to discover your college program?
A security manager oversees an organization's information technology (IT) security needs. In this high-level role, security managers minimize security risks, respond to security threats and attacks, and develop best practices and procedures to safeguard information for their organizations.
Typical work environments include the computer systems design, information, finance and insurance, and management industries. Security managers typically supervise other IT workers, such as security software developers, information security analysts, vulnerability assessors, and computer systems analysts.
This guide details what to expect from a day in the life of a security manager, including main job duties, responsibilities, and work settings. We also cover the typical requirements for someone who wants to become a security manager.
What Is the Job Description of a Security Manager?
Security managers, also called cybersecurity managers and IT managers, oversee organization-wide information security procedures and processes. They supervise other IT workers, analyze security risks, and make security recommendations and policies.
The job description of a security manager varies by position, employer, and industry. At a small organization, a security manager typically takes on more responsibilities than at a large firm.
A security manager needs at least a bachelor's degree in a computer science or cybersecurity-related field. Most security manager jobs require at least five years of relevant experience working in a relevant IT position. Some high-level roles with large companies can require as much as 15 years of experience.
Many employers prefer candidates with master's degrees in IT or business-related fields, along with relevant professional certification.
Match me with a bootcamp.
Find programs with your skills, schedule, and goals in mind.
What a Security Manager Does Day to Day
Security managers primarily oversee the procedures, policies, and actions that protect their organization's networks and information security. The specifics of the day to day in security management depend on your employer and industry.
In smaller organizations, security managers may take on more technical day-to-day work. At larger companies, they primarily focus on high-level issues. A security manager's role can grow as they mature into taking on more responsibilities as security directors and chief information security officers (CISOs).
A security manager typically interacts with their organization's executive team, making recommendations about IT security best practices and upgrades. Cybersecurity managers also usually supervise other IT workers, including information security analysts, computer support staff, and software developers.
Because security managers must ensure that their organization's information remains safe, it can be very stressful when something goes wrong. The normal day to day may also become repetitive.
Individuals with strong leadership, organizational, communication, and analytical skills can thrive in this role. Security managers also need a firm foundation in general information technology theory and skills, general business acumen, and specialized knowledge of cybersecurity issues.
The following section includes some of the main duties of cybersecurity managers.
Main Duties of Cybersecurity Managers
Nonstandard Duties for Cybersecurity Managers
A Typical Day for a Security Manager
A typical day in the life of a security manager varies depending on where you work. Firm size, industry, and employer all affect what you can expect. The following sample schedule provides an idea of what to expect from a typical day for a cybersecurity manager.
Where Security Managers Work
Your location and industry can affect the availability of security manager jobs. It can also significantly change a security manager's day-to-day tasks, interactions, and responsibilities.
The Bureau of Labor Statistics reports that some states offer more employment opportunities and better salaries for this career than others.
The highest-employing state is California, where 92,880 people work as computer and information systems managers, which includes IT security managers. California is also the second top-paying state for this occupation, with workers making a median annual salary of $193,500.
Other states that employ the most computer and information systems managers include Texas, New York, Florida, and Massachusetts. Top-paying jurisdictions include New York, New Jersey, Washington, and Washington, D.C.
Depending on your location, it can make sense to apply for jobs in other states and consider relocating. Weigh the pros and cons of moving for a job, including the cost of living, salary potential, future career growth opportunities, and quality of life.
Security managers work in industries like computer systems design, information, and finance and insurance. The management and manufacturing sectors also employ IT security managers.
In large organizations, security managers usually take advanced roles, often within executive teams. Cybersecurity managers at smaller companies may take a more hands-on approach and participate in the technical work themselves.
Should You Become a Cybersecurity Manager?
A career as a security manager can offer excellent salaries, stability, and the opportunity to advance over time.
However, not everyone will want to spend the time it takes to get the education and experience required for this role. Security managers typically spend 4-6 full-time years earning degrees. The time spent in higher education takes a lot of hard work and usually requires a significant financial investment also.
Before they can land their first security manager job, professionals typically spend at least five years gaining experience. Future security managers may work in lower information security-related roles like information security analyst, incident responder, or security software developer.
It can be a long road, but for the right person, becoming a security manager can pay off and lead to a successful long-term career.
How to Prepare for a Career as a Security Manager
The first step in preparing for a career as a security manager is to find a bachelor's program in a computer science or cybersecurity-related field.
Some students pursue master of business administration degrees to open the door to better salaries and more career opportunities. Many continue working in related IT security roles while in graduate school.
Although not required, security managers find it useful to earn professional certifications. Common in the tech industry, certifications let workers prove their skills to employers. These credentials may especially suit people who may lack traditional college degrees but complete cybersecurity bootcamps.
In addition to required education and optional certifications, security managers usually need at least five years of professional experience.
Learn More About Security Managers
Professional Spotlight: Dr. Lisa McKee Ph.D., CISA, CDPSE, CRISC
What's a typical day like for you?
I have a unique job as the director of governance, risk, compliance, and privacy. I am a member of the security team and report directly to the CISO. At most organizations, each function of my team is a different business unit, but here I am responsible for many areas, making every day different, and I love that about my job.
There are days I am researching laws to ensure compliance with regulatory and contractual obligations. Some days are spent on vendor management, conducting due diligence reviews, and reading contracts for security and privacy posture.
There are days I work on updating company policies and times spent collaborating with teams to address questions they have and identify solutions that meet the organization’s compliance requirements. There is no typical day; it varies depending on what issues arise and what has priority.
What other teams do you work with on a regular basis?
Collaboration with the legal department is vitally important. I am not a lawyer and defer to the legal team to provide guidance on the interpretation of laws and regulations. Then I collaborate with teams across the organization to communicate the policies and controls for security and privacy needed to meet the laws and regulations.
I work with teams across business operations and engineering to discuss system design and development for security and privacy. I also support the sales team by assisting with responses to customers’ questions relating to our compliance posture. Collaboration with the training team is also necessary to deploy security and privacy awareness training for the organization.
I collaborate with my counterparts on the security team for a variety of security and privacy-related projects. For security, it is my responsibility to ensure there are strong controls in place to protect the data. Privacy is multi-disciplinary and impacts everyone in the organization because personal data is everywhere.
Is there a lot of collaboration in your role as a security manager? Or is it mostly independent work?
The role of a security manager requires collaboration with others on everything. Change a control and it impacts both the customers and employees. When you update training, that impacts everyone across the organization. New or updated laws may affect many teams depending on the change.
The role of a security manager is to inform, educate and be a business partner with others across the organization. This is not a hands-on keyboard role; anything we do requires input, collaboration, and involvement from others.
Do you work in an office or from home (or a hybrid)?
I work from home, but there are times when the team will meet in the office for strategy and planning sessions. Using an old-fashioned whiteboard and markers is still the best collaboration method when discussing workflows, processes, and strategies.
What's your favorite part of being a security manager? The most challenging part?
I love that every day is different. I enjoy helping others solve problems in practical ways they never considered. Sharing my knowledge with others and mentoring them is humbling. It was heartwarming when my manager recently told me colleagues have said to him that they "leave meetings with Lisa smarter and wonder how she knows everything."
While I am highly educated with a diverse and unique skill set, I do not know everything, but it is humbling to hear I am making a difference and people know they can come to me with questions, and I will partner with them to find the answers and right solution for their situation.
Any other insights about your day to day as a security manager that may help people considering this career path?
Not all jobs are the same. The responsibilities I have may be different at other organizations, especially large organizations that have numerous security professionals. You will never know everything or have all the answers, but always keep learning. IT, security, and privacy are domains that are changing daily. Especially privacy, as new privacy laws are constantly being passed and updated.
For whom do you think this career is a good fit? Why?
Individuals that enjoy challenges are a good fit because it takes collaboration and creative thinking to solve issues. Innovators also work well because we are constantly seeking new ways to solve business challenges and pushing the boundaries of the status quo. Individuals that enjoy writing and communication are also strong candidates as the role requires lots of communication with others and writing policies, assessments, reviewing legal contracts, etc.
This may be a good fit for someone who wants to get into security and privacy but may not be good at the technical aspects. I started my career as a software engineer and absolutely hated it. I stuck with it, learned what I could, and then transitioned to other roles that were a better fit. I use the technical knowledge daily, providing guidance on security and privacy controls.
Dr. Lisa McKee, Ph.D., CISA, CDPSE, CRISC, has 20 years of industry experience in many domains of IT, security, privacy, software development, GRC, and auditing. Dr. McKee assists companies by conducting security and privacy assessments, program implementation, and managing compliance.
Lisa is a highly regarded security and privacy expert and a regularly featured speaker at conferences and events locally, nationally, and globally including RSAC. Dr. McKee is a member of the Accredited Standards Committee X9 and provides input on industry standards.
Dr. McKee has led NIST working groups and is a member of several professional association boards for ISACA and IAPP. Dr. McKee is passionate about privacy and security and enjoys sharing her knowledge with others as a mentor and adjunct instructor for security and privacy courses.
FAQ About the Day to Day of Security Management
What are the main responsibilities of cybersecurity management?
A cybersecurity manager's day-to-day responsibilities include monitoring computer networks for vulnerabilities, managing other IT employees, and overseeing software upgrades and updates. The job description of a security manager can vary significantly depending on the organization.
Is a security manager's day to day stressful?
The day to day in security management can be stressful. Security managers have a lot of responsibility — mistakes can directly cost their organizations money.
Do cybersecurity managers like their jobs?
It depends on the person and their specific duties, but many cybersecurity managers like their jobs. Payscale data reveals that, on average, information security managers report high satisfaction with their careers.
What are the most challenging aspects of security management?
Security management can be challenging due to the constantly changing nature of the field. Security managers need to keep track of new technologies and best practices. Also, the job can be stressful amid breaches and other intrusions.
Take the next step toward your future.
Discover programs you’re interested in and take charge of your education.