Home
Jobs
Upload CV
Find Talent
Careers
Cyber Security & Data Privacy Salaries – Germany
Salary trends
Recent regulatory changes are driving notable salary increases across Germany’s cyber security and data privacy recruitment markets. In particular, the Digital Operational Resilience Act (DORA) and the Cyber Resilience Act (CRA) are fuelling demand for skilled cyber professionals, pushing up pay and accelerating hiring across key sectors.
“There is a considerable amount of regulatory change occurring across the EU, and the BSI is working hard to safeguard Germany’s critical infrastructure and systems from a technical standpoint, while also creating robust policies and guidance more generally,” says Kieran Green, Principal Consultant at Barclay Simpson.
“The good news for candidates is that it’s leading to upward pressure on salaries as the market for in-demand skills becomes more competitive.”
DORA, which came into force in January 2025, has mandated stricter controls around ICT, risk, third-party oversight and incident response at financial services organisations. In an already competitive market, the new regulation has intensified the war for talent, especially professionals who are fluent in German and have experience within the financial services sector.
89% of German firms say regulations are noticeably impacting cyber spending
Source: PwC
To comply with the regulation, businesses are no longer just hiring to backfill. They are building out entire functions to build internal capabilities and avoid regulatory exposure. As a result, we have seen demand spike for cyber risk and operational resilience skills, with certain roles seeing compensation packages jump by 20–30% year on year.
The CRA, meanwhile, is forcing production and manufacturing companies across Germany to reassess their approach to digital product development and operational security.
How confident are you in the current job market?
Source: Barclay Simpson Candidate Survey
As the regulation pushes for greater accountability in the product lifecycle – from design to disposal – there’s been a marked increase in demand for embedded security engineers, product risk managers and cyber compliance leads. Talent shortages in these areas have therefore driven salaries upward, particularly for professionals experienced in IoT security, firmware risk and hardware protection.
In response, many organisations are establishing new roles and cross-functional teams focused specifically on regulatory readiness and incident response planning. Where previously cyber security was siloed in IT, it is now increasingly being integrated directly into engineering, R&D and quality control functions. This evolution is reshaping hiring strategies, with forward-thinking firms turning to specialist recruiters to access hard-to-find candidates.
Candidate motivators
Remuneration continues to be the main motivation for candidates seeking new cyber security jobs or data privacy jobs in Germany, with 39% of professionals saying it is their primary incentive.
However, a meaningful proportion of cyber and data privacy professionals also prioritise other factors, including career development (18%), remote working (16%) or a better work-life balance (16%).
Indeed, flexible work arrangements remain an important remuneration benefit for many candidates. Nearly a third (32%) chose remote working as the job perk they value the most, with only an annual bonus (37%) ranking higher.
What is your main priority when considering a new role?
Which job benefit do you value the most?
Source: Barclay Simpson Candidate Survey
Germany – Cyber security and data privacy salaries
Leadership Salaries
| Area | Berlin | Munich | Frankfurt |
|---|---|---|---|
| CISO (Global / EMEA) | €180k+ | €180k+ | €180k+ |
| Head of Cyber Defence | €130k – €200k | €130k – €200k | €130k – €200k |
| Head of IT Risk | €130k – €200k | €130k – €200k | €130k – €200k |
| Head of GRC (Cyber Risk) | €120k – €170k | €120k – €170k | €120k – €170k |
| Head of Information Security (dept above 10+) | €160k+ | €160k+ | €160k+ |
| Head of Information Security (dept under 10+) | €100k – €160k | €100k – €160k | €100k – €160k |
| Head of Security Architecture | €130k – €200k | €130k – €200k | €130k – €200k |
| Head of Security Operations | €120k – €150k | €120k – €150k | €120k – €150k |
| Head of Incident Response | €110k – €150k | €110k – €150k | €110k – €150k |
Governance, Risk & Compliance Salaries
| Area | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Business Information Security Officer | €115k – €160k | €115k – €160k | €115k – €160k |
| Information Security Manager (team above 5+) | €95k – €135k | €95k – €135k | €95k – €135k |
| Information Security Manager (team under 5+) | €85k – €120k | €85k – €120k | €85k – €120k |
| Information Security Officer | €100k – €130k | €100k – €130k | €100k – €130k |
| IT Risk Manager | €95k – €140k | €95k – €140k | €95k – €140k |
| Third Party Risk Lead | €85k – €115k | €85k – €115k | €85k – €115k |
| Information Security Analyst, GRC | €60k – €85k | €60k – €85k | €60k – €85k |
| Information Security Analyst, GRC (exp below 4+ years) | €50k – €75k | €50k – €75k | €50k – €75k |
Security Architecture & Engineering Salaries
| Area | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Application Security Architect | €100k – €140k | €100k – €140k | €100k – €140k |
| Application Security Engineer | €90k – €120k | €90k – €120k | €90k – €120k |
| DevSecOps Engineer | €90k – €110k | €90k – €110k | €90k – €110k |
| Information Security Engineer | €75k – €100k | €70k – €85k | €70k – €90k |
| Cloud Security Architect | €110k – €150k | €110k – €150k | €110k – €150k |
| Cloud Security Engineer | €90k – €120k | €90k – €120k | €90k – €120k |
| Enterprise Security Architect | €120k – €160k | €120k – €160k | €120k – €160k |
| Security Solutions Architect | €90k – €130k | €90k – €130k | €90k – €130k |
Cyber Defence Salaries
| Area | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Security Operations Analyst | €45k – €85k | €45k – €85k | €45k – €85k |
| Security Operations Manager | €90k – €125k | €90k – €125k | €90k – €125k |
| Head of Security Operations | €120k – €150k | €120k – €150k | €120k – €150k |
| Cyber Threat Intelligence Analyst | €60k – €90k | €60k – €90k | €60k – €90k |
| Head of Cyber Threat Intelligence | €110k – €150k | €110k – €150k | €110k – €150k |
| Incident Response Analyst | €60k – €90k | €60k – €90k | €60k – €90k |
| Incident Response Lead | €90k – €120k | €90k – €120k | €90k – €120k |
| Head of Incident Response | €120k – €150k | €120k – €150k | €120k – €150k |
| Head of Cyber Defence | €130k – €160k | €130k – €160k | €130k – €160k |
| SOC Engineer | €55k – €95k | €55k – €95k | €55k – €95k |
Business Continuity Salaries
| Area | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Business Continuity Analyst | €35k – €60k | €30k – €55k | €35k – €60k |
| Business Continuity Specialist | €70k – €90k | €70k – €90k | €70k – €90k |
| Business Continuity Manager | €60k – €85k | €60k – €75k | €60k – €85k |
| Business Continuity Lead | €80k – €120k | €80k – €120k | €80k – €120k |
| Head of Business Continuity | €100k – €140k | €100k – €140k | €100k – €140k |
Operational Resilience Salaries
| Area | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Operational Resilience Analyst | €50k – €60k | €50k – €60k | €50k – €60k |
| Operational Resilience Specialist | €70k – €90k | €70k – €90k | €70k – €90k |
| Operational Resilience Manager | €70k – €95k | €65k – €80k | €70k – €95k |
| Operational Resilience Lead | €90k – €120k | €90k – €120k | €90k – €120k |
| Head of Operational Resilience | €100k – €150k | €100k – €130k | €100k – €150k |
Identity & Access Management Salaries
| Area | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Head of IAM | €120k – €140k+ | €120k – €140k+ | €120k – €140k+ |
| IAM Manager | €90k – €130k | €90k – €130k | €90k – €130k |
| CIAM/PAM Lead | €95k – €120k | €95k – €120k | €95k – €120k |
| IAM Product Owner | €95k – €120k | €95k – €120k | €95k – €120k |
| IAM Architect | €90k – €120k+ | €90k – €120k+ | €90k – €120k+ |
| IAM Engineer | €75k – €95k | €75k – €95k | €75k – €95k |
| IAM Analyst | €60k – €85k | €60k – €85k | €60k – €85k |
Data Protection and Privacy Salaries
| Area | Berlin | Munich | Frankfurt |
|---|---|---|---|
| Analyst | €50k – €65k | €45k – €60k | €50k – €65k |
| Senior Analyst | €60k – €75k | €55k – €65k | €60k – €75k |
| Manager | €80k – €115k | €80k – €115k | €65k – €95k |
| Lead | €90k – €120k | €75k – €100k | €90k – €120k |
| Privacy Council (Lawyer) | €90k – €140k | €75k – €120k | €90k – €140k |
| Data Protection Officer | €100k – €150k | €90k – €140k | €100k – €150k |
| Global Privacy Officer / Director | €140k – €200k | €120k – €160k | €140k – €200k |
Attract and retain the cyber security and data privacy professionals you need with Barclay Simpson
Barclay Simpson has specialised in the recruitment of cyber security and data privacy professionals since 2001. Our practice covers information security, cyber security, data protection and privacy. Our long-established team has extensive experience of recruiting on a permanent and contract basis for in-house positions in commerce and FS groups, as well as consultancy and systems integration businesses, and security vendors. We can help you create a talent attraction strategy with competitive salary offerings and support you as you build a cyber security or data privacy team that’s future proof. Or we can help you find a role that aligns with your long-term career goals. Arrange a consultation today.
If you are interested in a new cyber security or data privacy position or recruitment services, get in touch today.
