Thursday, January 31, 2019

Information Security lead roles with salaries

This is an alternative model for understanding the Information Security maturity level of a medium/large company. It is based just on my experience in companies and is therefore to be used just as a reference. Salaries are for London-based permanent employees. I don't claim this model is very accurate, but it can be used as a starting point to understand the maturity with one simple question: who will lead information security?

Possible answers:

1) Network and security manager (base salary £50k to £70k). This person comes from a networking background and probably has little or no experience in security.
The company has no security culture and does not even imagine what information or cyber security means. They will deploy security appliances and maybe buy some external services without really understanding their value.

2) Information Security Manager (base salary from £70k to £85k). This person usually has no previous experience in leading Information Security teams.
The company has very little security culture, and some security initiatives/projects are delivered.

3) Head of Information Security (base salary around £100k + 20% bonus). This person has 0 to 2 experiences in leading Information Security.
The company starts to take security a bit more seriously. The company starts to have a security strategy with multiple projects.

4) Group Head or Director of Information Security (base salary from £120-130k + 20/30% bonus to £150k). This person has at least 2-3 previous experiences leading Information Security.
The company has understood that Information Security is important, even if the senior management (CEO) probably still has no interest in Information Security and still thinks Information Security is a "technical" thing for "technical" people.

5) Chief Information Security Officer (CISO, salary from £130k up to £250/300k + bonus). This person has deep experience and is able to communicate difficult concepts in an easy and clear way to non-technical people.
The company has understood that Information Security should be embedded in every process, and the senior management (CEO and the board) would like to be kept informed about Information Security.
