
It’s good to be a CISO! What salaries can you expect in a leadership position?


Let us analyze in detail all the financial perks available to a competent head of the information security department.

A capable head of security is invaluable, a fact that organizations have increasingly recognized in recent years. CISO salaries are usually very high, but the range of compensation is also very wide. This is how companies try to retain competent specialists. In this article, we will discuss all the cash payments that a CISO in a foreign company can expect.

General Statistics

Abroad, the concept of a “compensation package” is very popular. It is understood as the totality of the base salary, various bonuses, one-time payments, benefits, paid leave, employee insurance, etc. Most compensation, one way or another, is usually converted into currency.

According to the 2022 CIO Survey by executive search company Heidrick & Struggles, the average CISO salary in the US is $584,000 per year, or $971,000 a year (about 6.5 million rubles a month) if you count all kinds of additional payments.

All of these numbers certainly seem like the true embodiment of the American Dream, but they apply mostly to very large companies and experienced, qualified CISOs. In medium-sized companies, even CEOs often do not see such salaries.

According to statistics from Salary.com, based on surveys of employers and third-party compensation consulting firms, most CISOs can expect a base salary of $175,000 a year (just over a million rubles a month) to $300,000 a year (about 2 million rubles per month).

Converting to “our” monthly salaries in this case is not entirely correct, because employees of foreign companies receive large payments at the end of the year, which are often called the “thirteenth salary”, although this payment scheme is usually used in Russian state institutions.

Factors Affecting CISO Income

The salary that a CISO can expect to earn varies significantly and can be highly dependent on the following factors:

  • Location
    Geographic location has a direct and significant impact on CISO income. Executives in US cities such as New York or San Francisco can receive significantly higher bonuses than executives in other parts of the country. It is clear that, in any country other than the United States, the level of wages and other monetary payments is likely to be significantly lower.

  • Experience and mobility
    More experience usually correlates with a higher salary. However, it matters a great deal where this experience was obtained. The status of the previous job, and ideally of several jobs, largely determines whether such experience will be appreciated by a new employer.

    Specialists who stay in their positions for a long time in one company, as a rule, see their salary grow by 3-5% per year. However, when they change companies, wages rise by 10-15%. The sad reality is that moving up the corporate ladder within the same organization is usually less profitable than changing companies. In addition, as mentioned above, short periods of work at several different companies are valued by employers more than very long work experience at a single organization.

  • Education and certificates
    Security executives with a higher education in their field (for example, a completed master’s degree in their specialty) usually receive a slightly higher salary than those who do not have such a diploma. However, as statistics show, generally recognized cybersecurity certificates are valued much more than diplomas from higher educational institutions.

    The CISSP from (ISC)² and Certified Chief Information Security Officer (CCISO) are the most lucrative CISO certifications. This is due to their high reputation, as well as their strong focus on developing cybersecurity leadership.

  • Efficiency and results
    CISO salaries and bonuses are, of course, also affected by performance, which includes specific results and achievements. For example, CISOs who have helped companies with serious security problems, or who can prove that they prevented some sort of cybersecurity disaster at the firm they worked for, can “convert” their success into higher wages.

  • Area of responsibility
    The scope of a security manager’s responsibilities is probably the most obvious indicator of his salary. The following factors directly affect the financial position of the CISO:

    • company size;
    • field of activity;
    • sensitivity to cyber risks;
    • security budget;
    • number of employees reporting to the CISO.

    The largest companies, which have the most to lose in the event of a serious cyber incident, are willing to pay much more to attract the most qualified specialists to their staff.

CISO Salary Negotiation Tips

Security executives can significantly increase their overall “compensation package” size with a few simple tricks.

1. Bonuses can be tied to performance

In addition to base salaries, CISOs must negotiate with company management for additional performance-based compensation. While the annual bonus is usually a fixed percentage of the salary, the CISO may ask the employer to calculate his incentives as a proportion of measurable performance. For example, if a company’s overall security costs have been reduced or unnecessary fines have been avoided, a percentage of the savings can be included in the annual bonus.

2. Do not chase a big salary, get other “goodies”

While a higher base salary is great, there are many other types of benefits that can add to a CISO’s quality of life just as much as a high salary. For example:

  • additional paid leave;
  • covering the cost of education, including preparation for obtaining specialized certifications;
  • company car;
  • conference fees, etc.

Such cost items are often already budgeted for the position, and many executives and boards of directors are always ready to find creative ways to attract and retain talented cybersecurity leaders.

In addition, it is worth considering the possibility of working remotely with infrequent visits to the main office of the company. This way you can save a lot on housing by renting in a neighboring city, where real estate prices are much lower.

3. Be professional

Even if the salary and other cash payments are far from desired, you should not blackmail the management with your departure or other unpleasant things that can ruin labor relations, and more importantly, your reputation. It is always best to conduct any negotiation in a positive and professional manner. It is better to position yourself as a team player working with the company and not just for yourself.

4. From time to time it is worth studying the labor market

It is necessary to monitor vacancies in other companies in order to know the real state of affairs in the labor market and to soberly assess what your knowledge and experience are worth. The demand for outstanding security professionals is extremely high, so if there is a feeling that the salary in the company does not correspond to the market, you can carefully hint about this to the employer or immediately try to get an interview in a new company.


As you can see from the information above, CISO is a very financially lucrative position, especially abroad. Having decided to build your career in this area, you can count on high salaries that can provide a decent standard of living for both the CISO specialist and his entire close circle.

