By many accounts, 2015 was the year of the big data professional, with data scientists even being hailed as the “sexiest job of the year” by one study. But 2016 may emerge as the year of the chief security officer, as another new study reveals that pay for CSOs is rising faster than most every other IT job.
According to the 2016 Technology Salary Survey released this month by Robert Half Technology, top CSOs can now expect to earn just under a quarter million dollars in base pay. To be more specific, salaries for CSOs will range from $140,250 to $222,500 in the New Year. This represents an average pay increase of 7.0 percent, the fourth highest in the entire salary study. Only wireless network engineers (at 9.7 percent), big data engineers (at 7.5 percent) and data security analysts (at 7.1 percent) will see larger pay hikes.
CSO pay increases will also be significantly higher than other IT executives in 2016. According to the Robert Half study, the percent of salary increase in the top ranks of IT will be 4.9 percent for CIOs; 5.2 percent for CTOs; 5.1 percent for vice presidents of IT; 5.1 percent for technology directors; and 4.9 percent for IT managers.
Where you fall in the CSO salary range obviously depends on location and industry. But there are some more directly controllable factors that will help determine how big a paycheck you take home. CSOs wanting top dollar had better know their business and be able to tie their efforts to best protecting it.
“Employers are looking for a proven track record of establishing processes and solutions for IT security,” John Reed, senior executive director at Robert Half Technology, said of CSOs testing the job market. “They want candidates who can give solid examples of their previous work.”
“They are also looking for candidates with deep industry knowledge. For example, within the financial and healthcare industries, hiring managers will seek professionals with that specialized experience to ensure they will ramp up quickly and understand the nuances of the industry,” Reed notes.
Breach experience pays off
Confirming the rapidly rising pay rates for CSOs is Rona Borre, CEO at Instant Alliance, a technology recruiting firm in Chicago.
“Most CISOs tend to make between $175,000 to $225,000, with a 25 percent bonus potential, and strong equity package ($25,000 to $75,000 annually); though larger (Fortune 100) clients and major financial firms can pay upward of $300,000,” Borre says.
Adding greatly to a CSO’s earnings potential is their experience with security incidents.
“My recruiters typically go after CISOs from large companies with high risk data and systems (i.e. healthcare, ecommerce, financials, high volume transactions, HIPAA/PCA compliant data), as well as CISOs who have dealt with breaches in the past or have been brought in to recover from them,” Borre says.
“Ideal CISOs have touched all points of security, not just application or infrastructure security,” Borre adds. “Opportunities to bring in best practices, build teams, and recover from major security problems are attractive to new candidates.”
What else will help the CSO earn top dollar? According to Dr. Jane LeClair, chief operating officer at the National Cybersecurity Institute at Excelsior College in Washington DC, a recent survey of CEOs by that organization found that the following are the skills most expected in a top level CSO hire:
- IT security knowledge, cited by 77 percent
- Business knowledge, cited by 77 percent
- Communication skills, cited by 67 percent
- Leadership skills, cited by 64 percent
- Industry knowledge, cited by 43 percent
- Governance skills, cited by 39 percent
- Interpersonal skills, cited by 33 percent
A simple matter of supply and demand
Also putting pressure on CSO salaries is simple supply and demand, and smart CSOs know they hold the upper hand.
“There is a shortage of talent with industry-specific knowledge, so employers are willing to offer extremely competitive compensation and benefits packages to recruit and retain these professionals,” Reed confirms.
CSO job candidates are also likely considering multiple offers or opportunities at the same time, Borre says, “This is a highly sought-after skill set as security becomes a hot button issue, and they know they can use this as leverage to increase their total compensation package.”
Don’t expect that picture to change anytime soon.
“The growth in security initiatives has been a major factor in driving the tech space over the past few years,” Reed says. “That includes salary growth in roles at all levels, including executives – and this year’s 7 percent increase in their salaries is indicative of their importance within organizations. It’s vital for organizations to have strong leadership directing their security teams to protect organizations from threats in addition to keeping on top of emerging trends in technology.”
But the good news doesn’t stop at the CSO level. There is plenty of bounty to go around in the IT security ranks. Taken as a whole, IT security jobs have the highest pay increase percentage heading into 2016 of any IT job group.
Leading the way, as noted earlier, are data security analysts, with a 7.1 percent pay increase, and salaries ranging from $113,500 to $160.000. That is followed by the network security engineer, with a 6.7 percent pay hike, and salaries ranging from $110,250 to $152,750. Next up is the information systems security manager, with a 6.2 percent pay increase, and salaries ranging from $129,750 to $182,000.
“Security will continue to be a major driver of hiring, as security is continuing to remain at the forefront of the minds of business leaders,” Reed concludes. “As organizations become more vigilant about protecting internal and customer data, there will be a continued need for the professionals who are able to implement and maintain these programs and initiatives.”