What Does a Security Director Do?
What is a Security Director?
A Security Director is the man or woman in charge of overseeing IT security measures throughout an organization. In this senior-level position, you’ll have strategic oversight of every aspect of security – from staffing and budgets to protocols and incident response. Within smaller companies, the Security Director may be the equivalent of a CISO.
Security Directors have to juggle multiple (and sometimes conflicting) considerations: technology resources, budgets, human resources, government compliance, education & training programs, and a whole lot more. When security breaches occur, they’re the ones responsible for dealing with repercussions. When critical decisions need to be made, they’re the ones making them.
Security Director Job Responsibilities
On any given day, you may be expected to:
- Manage IT security programs and supervise security departments
- Prioritize and allocate security resources correctly and efficiently
- Define, implement and maintain corporate security policies and procedures
- Integrate IT systems development with security policies and information protection strategies
- Monitor security vulnerabilities, threats and events in network and host systems
- Develop strategies to handle security incidents and coordinate investigative activities
- Act as a focal point for IT security investigations and direct a full investigation with recommended courses of action
- Prepare financial forecasts for security operations and proper maintenance cover for security assets
- Participate in strategic planning for the deployment of information security technologies and program enhancements
- Ensure security policies, procedures and protocols are being executed by the appropriate technical teams
- Provide leadership, training opportunities and guidance to personnel
- Design and implement education programs focused on user awareness and security compliance
- Prepare senior-level technical reports for executive management
- Connect legal, regulatory and local organizational requirements with security goals
- Hire, review, and fire non-management employees
Your immediate supervisor (and the highest security position in the company) is typically the CISO.
Security Director Careers
Security Director Career Paths
If you aspire to this top-level job, plan to spend a number of years working specifically in the field of information security. For example, you could begin with:
- Security Administrator
- Network Administrator
- System Administrator
Once you have a solid grounding in security principles, opportunities include:
Senior-level jobs include:
The pinnacle of the profession is the CISO role.
The term “Security Director” is fairly loose. In our survey of job descriptions, we have also seen the position referred to as:
- Deputy CISO
- Information Security Director
- Senior IT Manager
Security Director Salaries
Payscale has two categories for IT Security Directors:
- The median salary for a Director, Computing/Networking/Information Technology (IT) Security is $139,772 (2019 figures). Overall, you can expect to take home a total pay of $76,592 – $202,027.
- The median salary for a Security Director, Computing/Networking/Information Technology is $140,349 (2019 figures). Overall, you can expect to take home a total pay of $79,828 – $197,827.
Total pay figures include your base annual salary, bonuses, profit sharing, tips, commissions, overtime pay and other forms of cash earnings, as applicable.
Security Director Job Requirements
Take a quick look at any Security Director job posting and you’ll often see the following requirements: an MS or graduate certificate, at least 7 years of work experience (including experience with managing teams and handling crises), superb technical skills and relevant certifications (e.g. CISSP). We always recommend networking, but in this case it’s especially important to talk to current Security Directors about their experiences. Directing is a management role, not a 100% technical one.
One way to go about the job hunt is to match your résumé against projected job responsibilities and look for any significant gaps. Do positions in multinational corporations require financial forecasting expertise? See if you can find an online course that will fit the bill. Will you be required to teach or train new employees? Volunteer to take on this task in your current place of work. Lay the foundation before you get into the interview room.
To climb to the top of the security ladder, you will need a bachelor’s degree in Computer Science, Cyber Security or a related technical field. An MS will be a plus on any job application. Large companies will be looking for a relevant master’s degree with a concentration in IT security.
Plan to spend 7+ years working in IT and security before applying for a job as a Security Director. Many employers will want to see 5+ years of experience managing security operations and teams.
Above all, you should have extensive hands-on knowledge of security tools and solutions. Samples of required technical skills might include:
- Practices and methods of IT strategy, enterprise architecture and security architecture
- Security concepts related to DNS, routing, authentication, VPN, proxy services and DDoS mitigation technologies
- ISO 27001/27002, ITIL and COBIT frameworks
- PCI, HIPAA, NIST, GLBA and SOX compliance assessments
- Windows, UNIX and Linux operating systems
- C, C++, C#, Java and/or PHP programming languages
- Firewall and intrusion detection/prevention protocols
- Secure coding practices, ethical hacking and threat modeling
- TCP/IP, computer networking, routing and switching
- Network security architecture development and definition
- Knowledge of third-party auditing and cloud risk assessment methodologies
Prioritization, coordination, collaboration, facilitation, organization – the list of great leadership skills is never-ending. Overall, employers are looking for candidates with strong negotiation and people-management skills. They will also want proof that you can communicate effectively with both high-flying CEOs and non-technical staff.
As a Security Director, you will be handling an enormous variety of projects and teams, under a deadline and with limited resources. So consider ways you could foster your problem-solving and process-oriented thinking abilities.
Certifications for Security Directors
When you get to this level of security administration, certifications are pretty much mandatory. The most frequently mentioned accreditations in Security Director job descriptions are CISSP and CISM.
- CISA: Certified Information Systems Auditor
- CISM: Certified Information Security Manager
- CISSP: Certified Information Systems Security Professional
- CISSP-ISSMP: Information Systems Security Management Professional