Overview
Salary increases achieved by information security specialists moving jobs recovered from 4% in the first half of 2009 to 6% in the second half. 4% was the lowest we have ever recorded and is a measure of the depth of the recession during the first half of 2009, a period when the economy was contracting at an unprecedented rate. As a result of the dramatically reduced number of vacancies and the increased supply of candidates, companies who were under immense pressure to reduce costs were able to have offers accepted on salaries that were lower than some candidates were previously earning. Not surprisingly, many candidates during 2009 and most likely into 2010 will be more interested in job security and career progression than simply salary.
Areas that were more immune to the laws of supply and demand that affected much of the information security market included penetration testing, especially CHECK Team Leaders and also CLAS consultants.
Contract rates fell during 2009 between 10% and 20% as a result of the increased competition for the substantial drop in the number of available contracts.
Outlook for 2010
There was a partial recovery in the salaries offered to information security specialists in the final quarter of 2009. This was consistent with the improved economic environment and a modest easing of the competition amongst candidates to secure positions. Shortages of candidates in particular areas of the market will no doubt emerge during 2010 and will drive average salaries higher. However, the environment for information security salaries will need to be seen in the context of a continuing sub trend growth and a general rise in unemployment for some months yet. It is likely that the relief to still have or to have recently acquired a job will continue to be the overriding sentiment for some time. We estimate that any significant increase in information security salaries will not come before late 2010 at the earliest.
Salary Survey
Barclay Simpson analyses the salary data that accumulates from the placements we make in the UK. This provides a useful guide to salaries and salary trends in information security.
This survey consists of 20 profiles of typical information security specialists for whom we have provided an approximate salary range they could realistically expect to achieve. The profiles are for good rather than exceptional individuals and take no account of other benefits that can accrue to information security specialists such as company cars, nor do they take account of non-contractual bonus and profit sharing arrangements.
Permanent Information Security positions
|
|
London |
Rest of UK |
Security Analyst
Experience including monitoring and awareness for information security. Likely to be working for a retail bank or other financial institution. |
£36,000 - £40,000 |
£30,000 - £37,000 |
CHECK Team Leader
Working for a global consultancy in their security practice. Client-facing role involving application and infrastructure pen testing. |
£65,000 - £75,000 |
£60,000 - £70,000 |
Security Manager – Outsourcing
Working for a consultancy based on client-site undertaking a role of Security Manager for the client involving security policy, processes, compliance, risk management and strategy. Managing relationship between consultancy and client. |
£65,000 - £75,000 |
£58,000 - £68,000 |
Identity Management Consultant
Solid skills in identity and access management design and architecture. Background of working in consultancy, with good client-facing skills and bid work experience. |
£56,000 - £64,000 |
£52,000 - £61,000 |
Head of Information Security Assurance
Background spanning audit and information security. Leading a team of 5 within a large commercial sector information security department facing audit and providing assurance that information security improvements have been implemented in-line with frameworks. |
£68,000 - £75,000 |
£60,000 - £68,000 |
CLAS Consultant
At a senior level within the security practice of a large consultancy or SI. Skills in technical and non-technical security areas such as security architecture, as well as security policy formulation and review, and risk assessment. Also undertakes business development activities. |
£65,000 - £74,000 |
£58,000 - £67,000 |
Security Architect
Working for a consultancy, undertaking security design and architecture for large-scale client projects. Senior person also involved in bid / proposal work and mentoring team members. |
£64,000 - £73,000 |
£57,000 - £66,000 |
Security Manager
Individual from an information security background but also some exposure to business continuity, physical security and financial crime taking on a rounded role with no reports in a small financial services company. |
£73,000 - £82,000 |
£62,000 - £70,000 |
Big 4 Senior Manager
Individual with business development experience and a policy focus to their information security experience who leads a consulting team in high level engagements. |
£80,000 - £90,000 |
£68,000 - £78,000 |
Head of Information Security
Managing a team of 20 security professionals in a financial services company, assisted by 2 more junior managers. |
£110,000 -£130,000 |
£80,000 - £95,000 |
Permanent Business Continuity positions
| |
London |
Rest of UK |
IT Service Continuity Architect
Working for a large corporate organisation reporting to UK head of business continuity. Technical role with responsibility for managing relationships with key stakeholders. |
£55,000 - £60,000 |
£47,000 - £52,000 |
Business Continuity Project Manager
Strong project management experience gained in large scale investment banking with recognised project management qualifications as well as proven BCM experience. |
£68,000 - £74,000 |
£52,000 - £64,000 |
Business Continuity Consultant
An entry level consulting role working for a large established consultancy with a business continuity division. Has a solid grounding in BC and excellent communication skills. |
£40,000 - £45,000 |
£35,000 - £41,000 |
Global BC and Crisis Manager
Established career history within BCM and CM in a large scale retail sector organisation with no direct reports. Some global project experience. |
£57,000 - £68,000 |
£50,000 - £57,000 |
Contract Information Security positions
| |
London |
Rest of UK |
IDS Analyst
Working within a government department providing day-to-day security operation of the system, monitoring the security mechanisms for security events and incidents. Analysing and responding to real-time security events / incidents and assisting in investigations. |
£300 - £350 per day |
£250 - £300 per day |
ISO 27001 Consultant
An ISO 27001 Lead Auditor working for a consultancy. Role would include advice on ISO 27001 implementation, gap analysis, risk assessment, security policy review and selection of controls to align with the standard. |
£350 - £450 per day |
£300 - £400 per day |
Identity Management Consultant
A skilled IdM consultant with experience of various identity management suites from the leading providers. Will have had exposure to the identity management process from beginning to end. Working in a commercial environment. Good client-facing skills. |
£550 - £650 per day |
£450 - £550 per day |
CLAS Consultant - DV Cleared
Experienced CLAS Consultant with DV clearance responsible for security policy development during government programmes such as Risk Management Accreditation Document Sets (RMADS) and associated documentation. |
£800 - £900 per day |
£700 - £800 per day |
Data Privacy Analyst
A data privacy analyst with experience of DPA 98 and EU Privacy Directive 95/46/EC, to provide specialist privacy knowledge and support. |
£350 - £450 per day |
£300 - £400 per day |
Contract Business Continuity positions
| |
London |
Rest of UK |
Senior Business Continuity Consultant
Working in a senior project manager role for a medium to large corporate organisation. Senior level advisory work as well as full lifecycle BCM consultancy and training at all levels. |
£510 - £610 per day |
£450 - £480 per day | |
|
|
