IT Security Director


What is an IT security director?

A security director is a senior member of an organisation, responsible for overseeing and managing the entire company’s IT security. Those in this role will be tasked with managing the processes of IT security including research, design, testing, implementation, monitoring and reporting.

You will be expected to manage a team of security staff to ensure that every element of the security strategy is operating properly and projects are being undertaken within expected budget and time frame.

What are the duties of a security director?

The information security director will be responsible for the executive decision-making of the security department, from the third-party tools introduced to the planning, development and implementation of new security structures.

  • Producing security strategies

You will research and plan the necessary security strategies to best protect the business and then ensure these strategies are rolled out across the business, including training of relevant staff in other departments of their responsibilities.

  • Planning and execution of testing and reporting

The IT security director is responsible for scheduling and overseeing vulnerability/penetration tests as well as analysing the reports from each test to assess how best to improve the security of the business.

  • Liaison with senior staff and staff under your direction

You will be expected to share your reports with other senior-level directors and the board of the organisation. You will also need to have regular meetings with managers under your direction to determine how your department is operating and how that fits with the business’ plans.

  • Monitoring regulation

As well as security, you will be responsible for the business’ adherence to data regulation, such as the GDPR in the UK, ensuring that all staff are acting in compliance to the full extent that they are expected to.

  • Managing staff throughout their time at the business

The staff under your direction will need to be monitored so that they are receiving the correct training and development. You will also need to assess the need for new hires and oversee the recruitment process, as well as redundancies and termination of employment.

  • Management of budget and resources for your department

You will be responsible for overseeing the use of budget and resources and assessing the need for any new requirements such as new software or service providers. This helps determine whether the business is receiving a good return on investment and ensures that your department can function optimally.

How much does a director of information security make?

The average UK salary of an IT security director is £60,000, with the lower 10% in the role making an average of £20,000.

Computing security directors in the US make an average of $140,000 and the lower 10% of workers in this role make $84,000.

What qualifications will I need to be an IT security director?

IT security directors will usually be expected to hold a bachelor’s degree in computer science or a related field. Larger companies may expect a master’s degree in cyber security for this position but this may not be required.

You will need to show an extensive understanding of a range of cyber security concepts and have at least 5-7 years' experience in the field to be considered.

Some related professional certifications include:

  • CISA: Certified Information Systems Auditor
  • CISSP: Certified Information Systems Security Professional
  • CISM: Certified Information Security Manager

What is a CISM certification?

The CISM is accredited by non-profit organisation ISACA to provide validation for those with demonstrable experience in the management of information security processes.

Applicants must have at least five years’ experience in cyber security with a minimum of three years in a management role in three or more of the CISM content areas.

These areas are:

  • Information security management
  • Information security incident management
  • Information security program development and management
  • Information risk management and compliance

The test is a 200-question multiple choice exam on these four content areas.

This qualification is highly desirable and would certainly give you an advantage when looking for a position as IT security director.

How do I become an IT security director?

Security directors will need to have experience in a range of security fields, so those in positions such as security specialist, security consultant and security auditor may want to look to this position as the next step.

You will also need at least five years’ experience and knowledge of how to manage teams within IT security.

This is a role which expects a range of hard and soft skills to ensure you can understand the technical details of your operations and effectively lead the department and communicate its goals to other members of the business.

Some relevant hard skills include:

  • Knowledge of coding languages such as C, C++, C# and Java
  • Experience with third-party auditing and cloud risk assessment
  • Understanding of multiple operating systems
  • Experience with security concepts such as authentication, VPN, proxy services and DDoS mitigation techniques

