Last Updated: March 30, 2020
What is a security director and what does a security director do? Sometimes called senior information technology managers, information security directors, or deputy chief information security officers (CISOs), security directors supervise information security technology staff, budgets, equipment, and activities. They focus on security incident prevention and response. Security directors also oversee compliance, human resources, and training in matters relating to information security.
Security directors, CISOs, and other computer and information systems managers work in many industries, including government and military, finance, insurance, and education. How much does a security director make? Computer and information systems managers, including security directors, earned a median annual salary of $142,530 in 2018, according to the Bureau of Labor Statistics (BLS). Read on for additional information regarding security director salaries, job prerequisites, and key responsibilities.
What Does a Security Director Do?
Companies hire security directors to manage the security personnel and systems that keep company data safe. Most security director job descriptions include overseeing security departments and programs. Security directors improve organizational security through implementing and maintaining information technology-related security measures.
Security breaches can damage company finances and destroy client trust, so the security director's role is essential to company success. When security threats arise, security directors supervise incident response and investigation.
These professionals also perform diverse managerial tasks, including budgeting and strategic planning. Human resources-related duties can include hiring, training, managing, and firing personnel. Financial duties usually involve forecasting, budgeting, and allocating resources. Planning duties include security improvement strategizing, goal-setting, and policy and protocol-making. Security directors also must align their company's practices with legal and regulatory standards.
Security director requirements vary based on industry, organization size, and position level. Some security directors report to a higher-level CISO or to other top managers. Most security director positions require at least 5-7 years in information security management roles.
Steps to Become a Security Director
Security director education requirements usually depend on the position, company, and industry. Aspiring security directors can launch their career by earning a bachelor's degree in cybersecurity, computer science, or a related field.
Many security director positions also require a graduate certificate or master's degree in fields such as cybersecurity or IT security management. Earning a cybersecurity master's degree often proves useful to individuals with an unrelated bachelor's degree.
Bachelor's and master's programs that offer coursework specifically tailored to information security usually provide better educational foundations for information security careers than general computer science (CS) or IT programs. However, some general CS or IT programs offer tracks or concentrations in cybersecurity that can help students get early exposure to skills and knowledge needed by security directors.
Most information security jobs require considerable additional learning beyond a degree. The cybersecurity field features many professional certification options that bolster cybersecurity skills. Many security directors hold certifications in information systems security professional (CISSP) or certified information security manager (CISM).
Many director positions require at least seven years of work experience in the information security field. Such professionals often have experience in roles such as security administrator, systems administrator, and network administrator. Security-related roles -- such as security auditor, consultant, engineer, analyst, or specialist -- offer more focused preparation for security director jobs.
Because the security director job requires both general management and technical skills, security directors often need at least five years of management experience in roles such as IT project manager, security architect, or security manager.
Top Required Skills for a Security Director
To lead staff and make reports to executives, security directors need soft skills in collaboration, facilitation, and communication. When directing specific security assessment or implementation projects, these professionals must prioritize, plan, and delegate. Security directors need problem-solving ability, accuracy, organization, and foresight to stay on budget and on schedule.
Although these positions often involve more management than technical work, security directors need considerable mastery of the cybersecurity field. These professionals need fundamental hard skills valuable in IT, including knowledge of computer programming languages such as Java or C and operating systems such as Windows and UNIX.
Security directors also need a comprehensive cybersecurity knowledge base, including networks and security architectures. They must know how to conduct cloud risk assessment, third-party auditing, and compliance assessment. Security directors also must understand ethical hacking, threat modeling, and intrusion detection in order to supervise incident response staff.
Through coursework in critical reading and writing, psychology, and project management, cybersecurity programs equip students with some of the soft skills necessary for security directing careers. Courses on programming languages, database applications, networks, and operating systems give students foundational IT knowledge and an introduction to cybersecurity.
Courses on cryptography, ethical hacking, computer forensics, and information assurance build intrusion detection and prevention skill sets, while courses such as policy analysis, disaster recovery, and risk management support leadership roles.
Most good cybersecurity programs also include internships which enable on-the-job learning, networking, and mentorship. Students with little relevant work experience should seek programs that include internships.
Security Director Salary
According to PayScale, information technology security managers earn average salaries of $73,000-$148,000, with a median salary of about $108,000 annually. Information security managers earn average annual salaries of $78,000-$150,000, with a median salary of about $114,000. Meanwhile, BLS reports that CIS managers earn a considerably higher median annual wage of $142,530.
BLS also projects 11% job growth from 2018 to 2028 for CIS managers and 32% growth for information security analysts. These statistics suggest that security directors and other CIS managers specializing in cybersecurity may experience unusually good job prospects in this burgeoning field.
Security director salaries vary based on factors such as credentials, position, company, and region. IT security managers in Washington, D.C. earn 26% above the average salary and New York City pays 19% above average. Phoenix, Chicago, Houston, and Dallas also pay 12-14% higher than average. San Francisco pays information security managers 33% above average. Top employers include Boeing, Scor Reinsurance, and Integraph, while top-employing industries include insurance, business and finance, IT, and government.
Looking for More Cyber Degree Programs?
- How to Become a Chief Information Security Officer
- Best Schools with Online Computer Forensics Programs
- A Guide to Cyber Security Certifications