The demand for chief information security officers in the U.S. is rising, and so are the salaries of these increasingly important executives. The average compensation range for CISOs, in fact, starts at $136,000 and peaks at $345,000; the median salary for a U.S. CISO is $223,000, according to the new study from SilverBull, an IT and cybersecurity recruiting and staffing firm.
But many CISOs make a lot more dough. For example, according to SilverBull, the top of the average salary range varies by location: $421,000 in San Francisco, $406,000 in New York, $380,000 in Washington, $378,000 in Los Angeles, $362,000 in Chicago, and $348,000 in Atlanta.
The most common job titles for the CISO position include CISO, director of information security, director of information technology and director of information technology security.
The CISO position has become more important than ever in healthcare, and healthcare CISOs should report directly to the CIO for maximum effectiveness, said Anahi Santiago, CISO at Christiana Care Health System.
“Information security has become such an integral aspect of being able to build brand and advance progress in healthcare delivery, so being able to report to the person who sets the vision and thus integrate information security into everything we bring out to the market has become really important,” Santiago explained. “It also helps the CISO to be so close to the capital of the CIO; some of my peers who do not report into IT struggle to gain the capital leverage to implement things and, further, often are at odds with IT because they are seen not as a peer but as an enforcer.”
In its report, SilverBull said the most pressing issues for CISOs today include: advanced persistent threats, cloud and application security, software-defined networks, the proliferation of Bring Your Own Device, and malware such as ransomware, among others.
With the rise of ransomware attacks, data breaches, and the Health and Human Services Office for Civil Rights' second wave of HIPAA audits now underway, security professionals – most notably CISOs – are harder to attract and retain than ever. And that may help explain why top-tier salaries rose to $420,000 since SilverBull last conducted its study in January of 2016, at which point $380,000 was the top.