“Alright bro, indeed information security is a very cool and interesting field, having seen all the different domains of information security we realize how vibrant the job roles are gonna be. Show me the jobs that catch people’s imagination and rake in all the moolah.” - Le security enthusiast
Let the parade begin:
- CISO (Chief Information Security Officer)
Job description: Responsible for determining enterprise information security standards. Develops and implements information security standards and procedures. Ensures that all information systems are functional and secure. Requires a bachelor’s degree with at least 10-12 years of experience in the field. Familiar with a variety of the field’s concepts, practices, and procedures. Relies on extensive experience and judgment to plan and accomplish goals. Performs a variety of tasks. Leads and directs the work of others. A wide degree of creativity and latitude is expected. Typically reports to top management.
Average salary: Well, this is a top-rung job and commands a respectable salary, averaging upwards of $176,000 in the US and anywhere between £75,000 – £134,500 in the UK. According to salary analysts worldwide, annual packages for the CISO role have increased by 3.5% this year, 2014.
Hot meter: A CISO rubs shoulders with the CTOs and CIOs of the company and reports directly to the CEO of the organization. This is a fairly new job role in the market, and with few qualified security professionals having the right experience, this is your shortcut to the top management level.
- IT Forensic investigator/Cyber crime expert
Job description: A white hat with excellent reverse engineering skills who is proficient at coding, analyzes security breaches and traces the web footprints of cyber criminals. Deciphers complex exploits and is aware of the latest exploit methodologies.
Average salary: Upwards of $60,000 a year, but they mostly work as consultants on a case-by-case basis.
Hot meter: A very niche job, you are a species of your own. Technically superior, you bring the hackers to book.
- Exploit developer/vulnerability researcher
Job description: Develop exploits and dig into vulnerabilities in systems, software and applications. You exploit the code, assess and analyze a vulnerability and help write signatures to counter these exploits.
Average salary: This job role commands an average of $130,000 a year in the US.
Hot meter: As a vulnerability researcher or an exploit developer in good standing, you are bound to be chased by the product biggies of the security world. Growth in the world of security rests on newer exploits and the development of their antidotes, and you, my friend, are an essential part of it.
Job description: To find vulnerabilities in an enterprise’s applications, systems or network. Provide crucial insight into the security posture of an organization and identify business risks to mitigate them. You are the typical CEH, LPT with sound skills in utilizing various pentest tools.
Average salary: Upwards of $75,000 a year
Hot meter: Every organization following an ideal security program needs penetration testing to be done, which means you have more jobs in the offing. You can work as an independent consultant or attach yourself to a corporate.
- Business Continuity Specialist/Manager
Job description: An individual who develops and executes the business continuity plan for an organization. This is a role that also has a greater say in the architecture and design of a company. This individual needs to understand load balancing (both global and local), DNS, high availability, ERP systems and application behavior. He has to have a strong understanding of the widely recognized BCP standards, methodologies, tools and capabilities and be adept at project management.
Average salary: Upwards of $70,000 a year
Hot meter: This job requires effective project management skills and a strong understanding of BCP methodologies. You will be on the hot seat, and work on risk assessments, business impact analysis, developing the recovery plans, a job that has great visibility if you want to shine in your prospective career.
Job description: Develops and governs the security program for industrial control systems. Conducts and manages risk assessments specific to the industrial control systems environment, designs the security architecture, lays down appropriate controls, and understands the control systems environment and technologies along with information security principles.
Average salary: Still new to the market, this role can rake in upwards of $110,000 per annum.
Hot meter: One of the hottest and most lucrative roles. It is fairly new to the market and commands immense respect, as the individual must be aware of the control systems/SCADA environment along with information security principles and methodologies, which is a rare combination.
Job description: Analyzes and decodes the purpose of malware (simply put, malicious software); could assist in reverse engineering and/or develop signatures to detect the malware. Requires good coding/programming skills and a strong understanding of hacking concepts and attack behaviors.
Average salary: Averages around $120,000 in the US.
Hot meter: It is in the same class as an exploit developer or a security savvy programmer and is sought out by security vendors for development purposes.
Job description: Secures enterprise information by determining security requirements. Typically plans, designs, implements, and tests security systems; adheres to or prepares security standards, policies, and procedures based on the CIA (confidentiality, integrity and availability) triad; and mentors team members in most cases. The security architect role can be drilled down further into network security architect, application security architect or infrastructure security architect.
Average salary: Averages around $115,000 per year.
Hot meter: One of the oldest job roles in the field of information security, and the demand is still increasing.
- IT Governance, Risk and Compliance Officer/ Risk assurance Manager/ GRC specialist
Job description: The Governance, Risk and Compliance specialist works with C-level executives on enterprise risk management, regulatory compliance and governance. Consultants help companies transform their GRC processes, practices and risk management technology platforms to provide a more efficient and effective approach to the management of strategic, financial, operational and compliance risks.
Average salary: Averages around $90,000 a year.
Hot meter: GRC is a flamboyant domain, and job requirements have increased by 9% in 2014. If you have a flair for writing policies, procedures and standards and are interested in governing compliance with well-known industry standards like COBIT, ISO, PCI, etc., this job is for you.
Job description: Security auditors work with a company to provide an audit of security systems used by that company. Once completed, the security auditor will provide the company with a detailed report of information systems. These reports will outline whether the system runs efficiently or effectively. This can help the company make changes where necessary to improve the integrity of their system. Work performed by a security auditor may also include the testing of policies put forward by a company to determine whether there are risks associated with them. The auditor may also review or interview members of the staff to learn about any security risks or other complications within the company.
Average salary: Averages around $80,000 per year.
Hot meter: Auditing is a tedious and challenging job. It involves a lot of documentation, reports and presentations. If you have a flair for communication, this job is for you.