An IT security manager holding a laptop confers with a team member

IT Security Manager: Key Skills and Job Description


In any organization, every employee is responsible for maintaining information technology (IT) security. Clicking on suspicious emails and downloading unsecured files from the internet can result in a cyberattack on the organization’s network. Employees are educated on phishing and malware attacks through the leadership of their organization’s IT security manager.  To succeed in this important role, IT professionals need key soft skills and technical knowledge. An advanced degree can put a professional on the path to become a future IT security manager.

IT Security Manager at a Glance

By 2020, an estimated 10 billion consumer and business devices will connect to the Internet of Things (IoT), according to an IoT Analytics report. As the number of connected devices grows, so does the potential of cyber threat attacks to computer networks and systems.

IT security managers lead a team of IT security professionals in planning and implementing programs that protect organizations from cyber threats. IT security managers identify current security threats and predict future attacks.

Cyberattacks are common. According to Cisco, a U.S. multinational high-tech conglomerate, 56% of organizations experienced a significant security event, such as computer viruses, security breaches, and hacking attempts by cybercriminals, in 2018. IT security managers may face dozens of cyber threats each day. When an attack is successful, the costs to the organization are high.

In 2019, the average data breach in the U.S. cost $8.19 million, according to IBM. These costs include fines, remediation, and lost business during and even years after the event. Security protocols could have reduced these costs. As an example, organizations with a security incident response team can reduce the cost of a breach by an average of $360,000, according to IBM.

IT Security Manager Job Description    

While an IT security manager’s job description varies by organization size and technical requirements, IT security managers are responsible for designing, directing, and delivering on IT security-related activities in an organization.

IT security managers touch nearly all aspects of a business. They work with other managers, project leaders, general employees, and top executives to understand how IT security can support and protect business goals. IT security managers ensure that business processes remain secure without disruptions or compromising events. When issues or security incidents occur, IT security managers must quickly remediate the problem and communicate with the company’s leadership to prepare for any business repercussions.

IT security managers must serve as a bridge between the employee—often the end-user of security processes—and the technical aspects of IT security. IT security managers must be experts in designing secure networks and understanding how components, such as antivirus software and endpoint security solutions, work together to create a secure network. Using their technical expertise and analytical skills, IT security managers collaborate with internal operations and third-party vendors to ensure that any new hardware or software installation on the organization’s network meets business and security standards.

In large organizations, IT security managers only may lead one aspect of IT security, such as leading a computer security incident response team or testing for network vulnerabilities with penetration testing teams. However, many IT security managers are responsible for multiple aspects of security. They often manage other IT security professionals who execute security programs and support daily business operations. IT security managers lead collaboratively, working with their teams to develop strong security systems.

Gaining Skills with an Advanced Degree

Many IT security manager job descriptions require technical expertise and leadership capabilities to support ongoing IT security. Organizations also look for candidates who are graduates from advanced programs, like Norwich University’s online Master of Science in Cybersecurity program.

Norwich University’s program features four core courses: Foundations and Historical Underpinnings of Information Assurance, Information Assurance Technology, Human Factors and Managing Risk, and Information Assurance Management & Analytics. Five concentrations enable students to explore specific areas of interest including:

  • Computer Forensics Investigation and Incident Response Team Management

Coursework prepares students to lead a security response team after a security incident. Students learn how to train and manage a team to avoid personnel burnout during an incident and complete an investigation after the incident.

  • Critical Infrastructure Protection and Cyber Crime

Critical infrastructure, such as water, electricity, and health care, is a target for cybercriminals who threaten U.S. national security. In this concentration, students explore risk management frameworks that organizations and leaders use to identify threats through technologies while reducing the risks of using such technologies.

  • Cyber Law and International Perspectives on Cyber Space

Students concentrating on Cyber Law and International Perspectives on Cybers Space explore the legal issues of public cyberspace such as privacy. Coursework examines the various governance frameworks for information assurance used around the globe and how these frameworks impact criminal, civil, regulatory, and international laws.

  • Project Management

Students examine the elements of project management for direct application to leading IT security projects in an organization. After learning the fundamentals of project management, students can enhance leadership skills in the Project Management Leadership, Communications, and Teams course or improve strategic management skills in the Strategic Management in Program Management course.

  • Vulnerability Management

In Vulnerability Management, students use open source programming in a virtual lab to access security controls and test for vulnerabilities in a security system. Coursework explores the legal and ethical tests and assessments, vulnerability rules of engagement, and how to monitor a large enterprise.

Salary and Job Growth Projection

According to the U.S. Bureau of Labor Statistics (BLS), computer and information systems managers, which include IT security managers, earned a median annual salary of $142,530 in 2018. A number of factors affect this salary, such as sector, location, and years of experience.

The BLS reported that the top-ranked sector in salary in 2018 for managers in the information sector was $157,810. The finance and insurance sector ranked second at $148,620, while the manufacturing sector was last at $143,910.

States along the East and West coasts had the highest annual salaries. Computer and information systems managers in New York earned $190,310, followed by California at $180,250 in 2018, according to the BLS.

Most IT security manager job descriptions require candidates to have several years of experience before stepping into the role. However, some organizations hire managers with only a few years of experience. According to PayScale, IT security managers with less than a year of experience earn a median annual salary of $81,000. Pay increased to $102,000 for those with five to nine years of experience in 2019.

As organizations ramp their security efforts, the demand for quality IT security managers increases. From 2018 to 2028, the BLS projects employment for computer and information systems managers to grow by 11%, faster than the national average of 5%.

Step Into an IT Career

According to Cisco, 94% of organizations know they must further develop their IT security programs. Organizations need people with the expertise to develop strong enterprise security systems and prevent malicious and costly security events. Aspiring IT professionals can explore Norwich University’s Master of Science in Cybersecurity program and its five concentrations to prepare for an advanced role in information security.


Recommended Readings

Career Paths in Information Security: What Is Cyber Law?
How Critical Infrastructure Protection Fits into a Cybersecurity Career
A Key Role in Cyber Security: How to Become a Penetration Tester


State of the IoT 2018: Number of IoT Devices Now at 7B – Market Accelerating, IoT Analytics
All Companies Are Technology Companies, Thomson Reuters
The Security Bottom Line, Cisco
What Are the Most Common Cyber Attacks?, Cisco
How Much Would a Data Breach Cost Your Business?, IBM
Cost of a Data Breach Report 2019, IBM
Data Breaches Increased 54% in 2019 So Far, TechRepublic
The Job Description for an Information Security Manager, Houston Chronicle
Master of Science in Cybersecurity, Norwich University
Computer and Information Systems Managers, U.S. Bureau of Labor Statistics
Occupational Employment and Wages, Computer and Information Systems Managers, U.S. Bureau of Labor Statistics
Average Security Manager, IT Salary, PayScale

Learn More Today

Complete the form on the next page to request more information about our online programs.

Request Info