CISOs have a huge amount to consider when trying to align their plans with those of the broader organization, if they hope to hang on to their top talent.
To keep pace, a survey released today by security analysis firm IANS and headhunting firm Artico recommends keeping compensation at the high end of the range — the top 25% of earners tend to be perceived as the top performers in their roles.
Across the various specialties — including SecOps and governance, risk, and compliance (GRC) — that top 25% averages around $523,000 per year in cash compensation, and $640,000 in total compensation with equity.
The “floor” of the top 25% varies by specialty, from $360,000 in total compensation for identity and access management leaders, up to $465,000 for a deputy CISO and $447,000 for a product security department head.
The report also found that businesses’ cybersecurity organizations generally divide themselves into three broad structures, based mostly on the size of the company at the time. Fortune firms, which the study classifies as those with more than $6 billion in annual revenue, generally have four organizational layers beneath the CISO and more specialist executives than smaller companies — about half have deputy CISOs and a quarter have a “global” CISO who handles worldwide security issues.
“Large enterprise,” according to the IANS and Artico report, runs from $6 billion in revenue down to $400 million. They tend to have two to three layers of support staff under the CISO, and tend to feature specialist leadership in particular subject matter areas. Finally, “midsize” companies cover the $400 million to $50 million per year bracket of annual revenue, and are characterized by smaller teams where each member has multiple responsibilities.