What are the responsibilities of a Security Director?
A Security Director is the person in charge of all IT security measures inside an organization. This is a senior-level position that requires strategic oversight of all aspects of IT security. It includes working with budgets, staffing, incident response and other protocols. A Security Director is often seen as an equivalent position to CISO.
As a Security Director, you are expected to perform the following duties:
- Allocate and prioritize security resources efficiently and correctly in the organization
- Integrate IT systems development with information protection strategies and security policies
- Develop strategies for handling security incidents and coordinate any investigative activities
- Ensure proper maintenance cover for the company's security assets and prepare financial forecasts for security operations
- Make sure all security procedures, policies and protocols are handled by experienced technical teams
- Develop, design and implement educational programs for junior level security staff in order to encourage better user awareness and security compliance
- Connect local organizational, legal and regulatory requirements with the security goals of the organization
- Manage all IT programs and help in supervising different security departments
- Implement, maintain and define corporate security procedures and policies
- Monitor security threats, events and vulnerabilities in host systems and networks
- Help direct a full investigation when a security incident happens, detailing a recommended course of action
- Take part in strategic planning for deploying information security technologies, upgrades or enhancements
- Personally guide, train and help the juniors under your leadership
- Prepare documentation with technical reports and present them to executive management
- Recruit new staff, review them and fire them when appropriate
If you want to end up being a Security Director, you will have to spend a lot of time gaining experience in information security positions. These include:
- Network Administrator
- System Administrator
- Security Administrator
Once you have gained enough experience in one of the positions, you can opt for:
From there on you can move to senior positions that include:
The final step on this career path is the post of CISO.
A Security Director is often also known as:
- Information Security Director
- Deputy CISO
- Senior IT Manager
The average salary of a Security Director is $74,390 per year. The basic salary starts from around $40,530 and the maximum salary offered for this position is around $151,638 (2016 figures).
As this is a senior-level position, a Security Director is expected to hold at least a bachelor’s degree in Computer Sciences, Cyber Security or a related field such as Mathematics.
Having an MS is a huge plus on your job application, so consider getting one. Larger, well-known organizations will not settle for just a bachelor’s degree. They may require tons of experience, a master’s degree and a combination of popular and known certifications.
You should be ready to spend at least 7 years in IT security before you can even hope to become a Security Director. A lot of employers will require you to have at least 5 years of that experience in a managerial role.
This senior-level position requires a lot of soft skills such as facilitation, coordination, prioritization and excellent written and oral communication, plus a host of other leadership qualities. Most employers want you to have very strong negotiating and managing skills. They will also want to see whether you can communicate with high-level staff who have no idea about IT security. This includes talking to company CEOs.
A Security Director has to deal with a lot of tasks that require a quick response, so meeting deadlines under huge pressure and on a limited budget should be one of your top skills.
In a senior role, you will need a deep understanding of technical skills. Some of the most popular and desired skills include:
- Firewall and intrusion detection and prevention protocols
- ISO 27001/27002, COBIT and ITIL Frameworks
- Linux, UNIX and Windows Operating systems
- C, C++, C#, Java, PHP programming languages
- Ethical hacking, secure coding practices and threat modeling
- HIPAA, GLBA, PCI and SOX compliance assessments
- Methods and practices of different IT strategies, security architecture and enterprise architecture
- TCP/IP, routing, switching and computer networking
- Network security architecture definition and development
- Understanding of third-party cloud risk assessment methodologies and auditing
You cannot hope to advance to a Security Director level position without holding a professional certification. The most important security certificates you should look out for are CISM and CISSP. The others below can help too:
- CISM: Certified Information Security Manager
- CISA: Certified Information Systems Auditor
- CISSP-ISSMP: Information Systems Security Management Professional
- CISSP: Certified Information Systems Security Professional