Salary Survey Extra: Deep Focus on Certified Information Security Manager (CISM)
Posted on
June 22, 2018

Salary Survey Extra is a series of dispatches that give added insight into the findings of our annual Salary Survey. These posts contain previously unpublished Salary Survey data.

The CISM certification issued by ISACA is a premier information security credential.

The massive proliferation and accumulation of information has both benefited and bedeviled the modern age. The computerization of daily life and commerce means that almost everyone is a gatekeeper expected to safeguard massive stockpiles of data. Problematically, of course, our ability to gather and store information has gradually outpaced our ability to protect it.

A respected information security certification can be a hugely influential career calling card, and one of the most respected of them all is the Certified Information Security Manager (CISM) credential managed by security and governance association ISACA. A reliable presence in our Salary Survey, CISM checked in at No. 14 on this year’s Salary Survey 75 list.

Here’s what the salary picture looks like for CISM holders who responded to the Salary Survey:

All U.S. Respondents
Average Annual Salary: $133,980
Median Annual Salary: $125,420
How satisfied are you with your current salary?
Completely Satisfied: 6 percent
Very Satisfied: 26.5 percent
Satisfied: 51.8 percent
Not Very Satisfied: 12.1 percent
Not At All Satisfied: 3.6 percent

All Non-U.S. Respondents
Average Annual Salary: $95,240
Median Annual Salary: $98,750
How satisfied are you with your current salary?
Completely Satisfied: 5.2 percent
Very Satisfied: 20.7 percent
Satisfied: 36.2 percent
Not Very Satisfied: 27.6 percent
Not At All Satisfied: 10.3 percent

The largest single body of CISM holders who responded to the survey is made up of U.S. residents (65.9 percent), but ISACA has chapters around the world, and we found strong evidence of its international character. There are 18 other countries represented in our results: Australia, Bahrain, Belgium, Brazil, Canada, China, France, Ireland, Italy, Netherlands, New Zealand, Norway, Peru, Saudi Arabia, Spain, Switzerland, Trinidad and Tobago, and the United Kingdom.

Most of those we heard from are men (89.7 percent of those surveyed), but 10.3 percent is an impressive showing by female certification holders, particularly in the cybersecurity sphere. There’s not what you could call a preponderance of youth among CISM holders, with just 6 percent of those surveyed between the ages of 25 and 34, no one at all younger than 25, and only 25.9 percent between the ages of 35 and 44. Everyone else is at least 45 years old, including the 37.1 percent of respondents between the ages of 45 and 54, the 28.4 percent between the ages 55 and 64, and the 2.6 percent between the ages of 65 and 74.

There are few paths to CISM certification, it would seem, that don’t involve a college degree. The highest level of formal education completed for most CISM holders in the survey is either a master’s degree (51.7 percent of respondents) or bachelor’s degree (29.3 percent), with associate’s (two year) degrees (6 percent), doctorates (2.6 percent), and professional degrees (0.9 percent) also represented. The outliers are the 5.6 percent of respondents who completed some level of technical training after high school, those who have a high school diploma (2.6 percent), and those currently in school (1.7 percent).

Most CISM holders have full-time jobs (92.1 percent of those surveyed), with only a handful who work part-time (3.2 percent), are currently on sabbatical (1.5 percent), or are unemployed (3.2 percent). Among those who currently have full-time jobs, most either work between 41 and 50 hours per week (41.9 percent of respondents) or have a more traditional 40-hour work schedule (35 percent). The outliers are the fortunate few who work between 31 and 39 hours per week (6 percent of those surveyed) and the hard-driven drudges on the clock for more than 50 hours per week.

In terms of workplace standing, the largest single group of CISM holders, 32.8 percent of those surveyed, are senior specialists, with only a smattering checking in from lower down on the corporate ladder, either as specialists (4.6 percent) or rank-and-file employees (1 percent). That leave a bit more than 60 percent in leadership roles as either managers (19.8 percent of respondents), senior managers (16.7 percent), directors (16.7 percent), or executives (8.4 percent).

As you’d expect given the skew in age, most CISM holders are veterans: a solid 72.5 percent of respondents have worked in a role that directly utilizes one or more of their certified skills for more than a decade. There’s almost no on in the group with little-to-no experience: 0.8 percent of respondents have been plying their certified skills for between zero years (1 to 11 months) and 2 years, 5.3 percent have been at it for between 3 and 5 years, and the remaining 20 percent have been in the game for either between 6 and 8 years (12.2 percent) or between 9 and 10 years (9.2 percent).

Finally, here’s the view of CISM holders on key questions from the survey about how certification impacts job performance:

At my current job I use skills learned or enhanced through certification:
Several times a day: 65.6 percent
Several times a week: 25.9 percent
Several times a month: 3.1 percent
Occasionally: 3.1 percent
Rarely: 2.3 percent

Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 50.4 percent
Agree: 38.9 percent
Neither Agree nor Disagree: 7.6 percent
Disagree: 0.8 percent
Strongly Disagree: 2.3 percent

Becoming certified has increased my problem-solving skills.
Strongly agree: 29 percent
Agree: 42 percent
Neither Agree nor Disagree: 24.4 percent
Disagree: 2.3 percent
Strongly Disagree: 2.3 percent

Becoming certified has increased my workplace productivity.
Strongly agree: 25.2 percent
Agree: 40.5 percent
Neither Agree nor Disagree: 28.2 percent
Disagree: 3.8 percent
Strongly Disagree: 2.3 percent

About the Author

Certification Magazine was launched in 1999 and remained in print until mid-2008. Publication was restarted on a quarterly basis in February 2014. Subscribe to CertMag here.

Posted to topic:
Jobs and Salary

Important Update: We have updated our Privacy Policy to comply with the California Consumer Privacy Act (CCPA)

CompTIA IT Project Management - Project+ - Advance Your IT Career by adding IT Project Manager to your resume - Learn More