What Does a Security Director Do?
The Short Version
A Security Director is the man or woman in charge of overseeing IT security measures throughout an organization.
In this senior-level position, you will have strategic oversight of every aspect of security – from staffing and budgets to protocols and incident response. At smaller companies, the Security Director may be the equivalent of a CISO.
Security Director Responsibilities
On any given day, you may be expected to:
- Manage IT security programs and supervise security departments
- Prioritize and allocate security resources correctly and efficiently
- Define, implement and maintain corporate security policies and procedures
- Integrate IT systems development with security policies and information protection strategies
- Monitor security vulnerabilities, threats and events in network and host systems
- Develop strategies to handle security incidents and coordinate investigative activities
- Act as a focal point for IT security investigations and direct a full investigation with recommended courses of action
- Prepare financial forecasts for security operations and proper maintenance cover for security assets
- Participate in strategic planning for the deployment of information security technologies and program enhancements
- Ensure security policies, procedures and protocols are being executed by the appropriate technical teams
- Provide leadership, training opportunities and guidance to personnel
- Design and implement education programs focused on user awareness and security compliance
- Prepare senior-level technical reports for executive management
- Connect legal, regulatory and local organizational requirements with security goals
- Hire, review, and fire non-management employees
Your immediate supervisor (and the highest security position in the company) is typically the CISO.
Security Director Career Paths
If you aspire to this top-level job, plan to spend a number of years working specifically in the field of information security. For example, you could begin with:
- Security Administrator
- Network Administrator
- System Administrator
Once you have a solid grounding in security principles, opportunities include:
Senior-level jobs include:
The pinnacle of the profession is the CISO role.
The term “Security Director” is fairly loose. In our survey of job descriptions, we have also seen the position referred to as:
- Deputy CISO
- Information Security Director
- Senior IT Manager
Security Director Salaries
Payscale has two categories for IT Security Directors:
- The median salary for a Director, Computing/Networking/Information Technology (IT) Security is $104,775 (2014 figures). Overall, you can expect to take home a total pay of $66,732 – $175,162.
- The median salary for a Security Director, Computing/Networking/Information Technology is $116,245 (2014 figures). Overall, you can expect to take home a total pay of $67,563 – $179,608.
Total pay figures include your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Security Director Job Requirements
To climb to the top of the security ladder, you will need a bachelor’s degree in Computer Science, Cyber Security or a related technical field.
An MS will be a plus on any job application. Large companies will be looking for a relevant master’s degree with a concentration in IT security. Continued training and professional certifications will also aid your cause.
Plan to spend 7+ years working in IT and security before applying for a job as a Security Director. Many employers will want to see at least 5+ years of experience managing security operations and teams.
Above all, you should have extensive hands-on knowledge of security tools and solutions. Samples of required technical skills might include:
- Practices and methods of IT strategy, enterprise architecture and security architecture
- Security concepts related to DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies
- ISO 27001/27002, ITIL and COBIT frameworks
- PCI, HIPAA, NIST, GLBA and SOX compliance assessments
- Windows, UNIX and Linux operating systems
- C, C++, C#, Java and/or PHP programming languages
- Firewall and intrusion detection/prevention protocols
- Secure coding practices, ethical hacking and threat modeling
- TCP/IP, computer networking, routing and switching
- Network security architecture development and definition
- Knowledge of third-party auditing and cloud risk assessment methodologies
Prioritization, coordination, collaboration, facilitation, organization – the list of great leadership skills is never-ending. Overall, employers are looking for candidates with strong negotiation and people management skills. They will also want proof that you can communicate effectively with both high-flying CEOs and non-technical staff.
As a Security Director, you will be handling an enormous variety of projects and teams, under a deadline and with limited resources. So consider ways you could foster your problem-solving and process-oriented thinking abilities.
Certifications for Security Directors
When you get to this level of security administration, certifications are pretty much mandatory. The most frequently mentioned accreditations in Security Director job descriptions are CISSP and CISM.
- CISA: Certified Information Systems Auditor
- CISM: Certified Information Security Manager
- CISSP: Certified Information Systems Security Professional
- CISSP-ISSMP: Information Systems Security Management Professional