IT Security Director
What is an IT security director?
A security director is a senior member of an organisation, responsible for overseeing and managing the entire company’s IT security. Those in this role will be tasked with managing the processes of IT security including research, design, testing, implementation, monitoring and reporting.
You will be expected to manage a team of security staff to ensure that every element of the security strategy is operating properly and that projects are being undertaken within the expected budget and time frame.
What are the duties of a security director?
The information security director will be responsible for the executive decision making of the security department, from the third party tools introduced to the planning, development and implementation of new security structures.
- Producing security strategies
You will research and plan the necessary security strategies to best protect the business and then ensure these strategies are rolled out across the business, including training relevant staff in other departments on their responsibilities.
- Planning and execution of testing and reporting
The IT security director is responsible for scheduling and overseeing vulnerability/penetration tests as well as analysing the reports from each test to assess how best to improve the security of the business.
- Liaison with senior staff and staff under your direction
You will be expected to share your reports with other senior-level directors and the board of the organisation. You will also need to have regular meetings with managers under your direction to determine how your department is operating and how that fits with the business’ plans.
- Monitoring regulation
As well as security, you will be responsible for the business’ adherence to data regulation, such as the GDPR in the UK, ensuring that all staff are acting in compliance to the full extent that they are expected to.
- Managing staff throughout their time at the business
The staff under your direction will need to be monitored so that they are receiving the correct training and development. You will also need to assess the need for new hires and oversee the recruitment process, as well as redundancies and termination of employment.
- Management of budget and resources for your department
You will be responsible for overseeing the use of budget and resources and assessing the need for any new requirements such as new software or service providers. This is to determine whether the business is receiving a good return on investment and to ensure that your department can function optimally.
How much does a director of information security make?
The average UK salary of an IT security director is £60,000, with the lower 10% in the role making an average of £20,000.
Computing security directors in the US make an average of $140,000 and the lower 10% of workers in this role make $84,000.
What qualifications will I need to be an IT security director?
IT security directors will usually be expected to hold a bachelor’s degree in computer science or a related field. Larger companies may expect a master’s degree in cyber security for this position but this may not be required.
You will need to show an extensive understanding of a range of cyber security concepts and have at least 5-7 years' experience in the field to be considered.
Some related professional certifications include:
- CISA: Certified Information Systems Auditor
- CISSP: Certified Information Systems Security Professional
- CISM: Certified Information Security Manager
What is a CISM certification?
The CISM is accredited by non-profit organisation ISACA to provide validation for those with demonstrable experience in the management of information security processes.
Applicants must have at least five years’ experience in cyber security with a minimum of three years in a management role in three or more of the CISM content areas.
These areas are:
- Information security management
- Information security incident management
- Information security program development and management
- Information risk management and compliance
The test is a 200-question multiple choice exam on these four content areas.
This qualification is highly desirable and would certainly give you an advantage when looking for a position as IT security director.
How do I become an IT security director?
Security directors will need to have experience in a range of security fields, so those from positions such as security specialist, security consultant and security auditor may want to look to this position as the next step.
You will also need at least five years’ experience and knowledge of how to manage teams within IT security.
This is a role which expects a range of hard and soft skills to ensure you can understand the technical details of your operations and effectively lead the department and communicate its goals to other members of the business.
Some relevant hard skills include:
- Knowledge of coding languages such as C, C++, C# and Java
- Experience with third-party auditing and cloud risk assessment
- Understanding of multiple operating systems
- Experience with security concepts such as authentication, VPN, proxy services and DDoS mitigation techniques