Available at a fixed monthly cost

Get your quote today

What we offer at a glance

  • Get an external data protection officer
  • Audit of your data privacy status quo
  • GDPR support for small businesses and large corporations
  • Personal contact person & individual support
  • Easier communication with authorities
  • 100+ experts from the fields of law, economics & IT

Don't trust us, trust them:

Jedox  Logo Contact Demodesk Logo Contact Elevate Logo Contact Canon  Logo Contact CBTL Logo Contact Alasco  Logo Contact RightNow Logo Contact Veganz Logo Contact Escada Logo Contact First Group Logo Contact

Learn more about our prices & services

or call us now: (020) 36956 452

CISOs and ISOs: Tasks, training, and salary at a glance

Today, there is a global shortage of some 3 million cybersecurity professionals, with IT-Sicherheit Online even reporting that this lack of professionals in the information security sector is one of the top four trends that companies should prepare for. This makes both CISO and ISO an in-demand job profile with great opportunities on the market.

And it’s no surprise, as the information security job profile brings together a unique set of skills that are rare in today’s jobs market, taken even on their own: in addition to a high degree of IT literacy, applicants also need in-depth knowledge of the standards and laws relevant to the field. Moreover, the job is also one that frequently demands an aptitude for communication and negotiation. After all, information security processes can only work when all the company divisions involved cooperate – getting them to do so is just one more task where the cybersecurity professional has to shine.

The facts in a nutshell

  • CISO stands for Chief Information Security Officer, whereas an ISO is an Information Security Officer.
  • Both are experts in the field of information security who implement measures in their company of employment.
  • On the job market, information security experts are a hot item.
  • There is no dedicated degree program for a career in information security; graduates in computer science and business administration are equally qualified.
  • More important than a degree are previous experience and knowledge about ISO 27001 and information security management systems.
  • With annual salaries north of 70,000–100,000 euro, both jobs are well paid due to the high level of responsibility the position carries.
  • Many companies choose to outsource the ISO or CISO role and hire external service providers.

What do the terms CISO and ISO mean?

The main task of a Chief Information Security Officer (CISO) or Information Security Officer (ISO) is ensuring that a company’s information assets are protected. The job is often up against one challenge in particular: a CISO or ISO must ensure the best possible level of information security (InfoSec) while not impairing the company’s business operations.

For example: from an information security perspective, it would make a great deal of sense to restrict all workstations to company premises and prohibit employees from using their own mobile devices (i.e., their smartphones) for work. But home office and ‘bring your own device’ (BYOD) have long since become part of modern working reality. So CISOs and ISOs need to find compromises and take InfoSec measures based on their company’s individual appetite for risk.

Are there differences between a CISO and ISO?

Normally, a CISO or ISO is directly subordinate to top-level management and works closely with the IT department as well as the compliance and legal teams. The CISO role is more strategic and overarching – a CISO has to keep an eye on the entire company. An ISO is more concerned with the implementation of measures in the individual departments, acting, for example, as a project manager for the introduction of an information security management system.

But the role may be defined differently within each company structure. Many companies only have either a CISO or an ISO – in which case the job titles can be considered synonymous.

What are the tasks of a CISO or ISO?

The responsibilities of the job are not legally defined; a CISO’s day-to-day activities will largely depend on the company itself and the respective industry. However, there are special cases in the public sector where the job profile is legally defined.

A CISO’s responsibilities include:

  • Protecting company assets from attacks and data breaches (in cooperation with the Data Protection Officer and IT)
  • TISAX® and ISO 27001/27002 certification
  • Introducing an information security management system
  • Choosing suitable methods and tools  
  • Risk management and advising company management 
  • Communication between departments

CISOs are often computer scientists or computer scientist graduates with advanced training or specialisation in the field of information security, in addition to years of experience. Depending on the company, the position of CISO can be filled by an internal employee or an external service provider.

 

 

You can learn more about the tasks of the CISO/ISO job profile here:

What qualifications does a CISO or ISO need to have?

Many roads lead to information security. Computer scientists can receive training in ISO 27001 or pursue a number of different industry certifications, such as Security+ and Network+ from CompTIA. Graduates in business administration are also great candidates for advanced training and certification as an Information Security Officer. Today, many universities even offer masters programs in cybersecurity. But it should be noted that a degree is not required for a career in information security.

Even more important is previous experience in the fields of:

  • Implementing IT security (with a good grip on critical infrastructure)
  • Setting up an ISMS
  • Certifying an ISMS in accordance with ISO 27001 / TISAX
  • Managing information security incidents
  • Staff training and awareness-raising activities
  • Negotiations and project management

Information Security Analyst, Information Security Officer and similar jobs are highly respected positions that often bring in a six-figure salary.

Salary and importance of information security experts

As mentioned at the outset, InfoSec professionals are in short supply. Information security requirements are constantly on the rise: for example, cyberattacks caused 223 billion euro in damages to the German economy last year alone. One of the tasks of CISOs and ISOs is to protect their own companies from such attacks, a protection companies are willing to pay a great deal for.

According to surveys by Glassdoor, the average earning potential is... 

  • a gross annual salary of around 70,000 EUR for Information Security Officers.
  • a gross annual salary of over 100,000 EUR for Chief Information Security Officers.

You might also be interested in:

Outsourcing the role of CISO and ISO – how external service providers can help

Not every company has the resources or the will to implement and manage information security. In some cases, the internal team might be overworked and overwhelmed by the heavy documentation load. Perhaps the team doesn’t have the right expertise for a certain project or fails a due diligence audit... When faced with challenges like these, it’s best to turn to an external service provider for guidance.

The advantage: external services are quick to purchase, and the service provider’s experience means you skirt the timely onboarding process. A good provider will assign you a personal contact. This is your go-to for all the challenges your company faces with the know-how from past experience to overcome them.

Another win: it’s cheaper to hire an external service provider than to pay the salary for a full-time company position.

At DataGuard, our customers pay just between 500 and 2,000 euro a month, depending on the complexity of their needs. Meet your information security goals today.

Book an appointment

 

 

Image CTA Expert Male 2

Are you looking to outsource an information security officer?

  • Certified external Information Security Officer (C)ISO
  • Industry specific expertise
  • One dedicated point of contact

Find out more about our scope of services and costs.

About the author