Salaries for IT risk managers up as threats to continuity drive demand


Salaries for IT risk managers up as threats to continuity drive demand

Ian Grant

The need to comply with a growing number of regulations and IT-based threats to business continuity is fuelling demand for IT risk managers and is driving up salaries, a survey by security training body (ISC)2 has revealed.

Commenting on the results of the third survey of employment trends in information security, which canvassed more than 4,000 respondents around the world (ISC)2 director John Colley said accountability for information security was shifting to specialist functions.

Two years ago, responsibility for risk security was in the hands of the chief security officer (CSO) in 25% of firms, he said. This has grown to 30% of firms, and the job has been split between the CSO and the chief information security officer (CISO), with a new job title, chief risk officer (CRO), appearing.

Colley said CIOs and chief technical officers were still largely responsible for securing the technology, but their role in ultimate accountability was diminishing as boards and other executives assumed more responsibility.

"Infosecurity is no longer an ivory tower issue," Colley said. "It is now a key function that is critical in protecting the bottom line."

Analysis of information security budgets in the Europe, Middle East and Africa region revealed that about half had increased their spending by more than 20% in the past year.

Much of the new money has been spent on staff. These represent about 31% of an average £2.2m budget for security in 2006.

This focus on people is reflected in the priorities reported to (ISC)2, with finding qualified staff reported to be one of the top three priorities for 81% of respondents.

Management support of security policies was the top priority for 43% of respondents, and user take-up of security policies was second with 34%.

Colley said 42% of respondents were looking for training in infosecurity risk management. About 40% want training in business continuity, disaster recovery and meeting ISO and IEC 17799 standards.

Demand for forensic training is rising, but respondents were confident in their ability to control access to data.

Business data protection: the expert view >>

(ISC)2 >>

Comment on this article:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy