Home
Jobs
Upload CV
Find Talent
Careers
The 2026 Barclay Simpson Salary Survey & Recruitment Trends Guide: Cyber Security
Barclay Simpson has been producing market reports across the areas we recruit for since 1990. For the 2026 edition of our Salary Survey and Recruitment Trends Guide for the cyber security market, we surveyed cyber security professionals and their employers to gather their views on the issues affecting the profession.
This includes trends affecting permanent jobs and contract jobs, as well as wider developments shaping the cyber security market, such as artificial intelligence and equality, diversity and inclusion. We also examine current salary trends and provide the latest salary ranges for cyber security jobs.
Cyber security permanent jobs market
In 2025, the lack of investment in IT transformation programmes continued to subdue the cyber security job market. Without the impetus of new IT systems needing to be secured, and in a cost-conscious climate, cyber security recruitment was largely driven by ‘business as usual’ considerations.
This lack of growth investment certainly presented continued challenges for cyber security candidates this year. However, only 44% of candidates surveyed by Barclay Simpson cited ‘too few jobs being advertised’ as a major challenge to securing a new role.
Candidates’ biggest challenges to securing a new role
| Challenge | % of candidates |
|---|---|
| Advertised salaries or day rates are too low | 62% |
| Too few jobs being advertised | 44% |
| Challenging recruitment processes | 40% |
| Hesitant to move from current role | 37% |
| Other | 7% |
Respondents could select all options that applied
There was no shortage of day-to-day work, but job vacancies typically targeted mid-level professionals, rather than career entrants or leadership.
“Most security leaders would love to take on a career entrant and develop them,” says Sophie Spencer, Senior Director at Barclay Simpson. “However, reality intervenes. They’re operating in stressful environments that call for immediate and robust responses from teams that may not be as well-resourced as they used to be.”
Meanwhile, employers continued to tell us how hard it was to find the right people. In our survey, 88% of employers said that finding skilled talent was challenging. They identified compensation and insufficient knowledge as the leading difficulties in cyber security recruitment.
Challenges in finding skilled cyber security talent
| Factor | % of employers |
|---|---|
| Compensation challenges | 83% |
| Insufficient technical/regulatory knowledge | 56% |
| Remote working policies | 44% |
| Poor cultural fit | 32% |
| Office location | 29% |
| Diversity and inclusion targets | 5% |
Respondents could select all options that applied
Growing prevalence of product security energises cyber security recruitment
Cost-conscious board members recoiled at the prospect of another IT transformation programme with no guaranteed returns. This and the sheer expense of cyber security tooling had a dampening effect on the recruitment of cyber security engineers.
With smaller security teams in many cases, more businesses chose to rely on consultancies for additional firepower during busy periods or for specific projects. This disrupted the insourcing-outsourcing cycle and hampered the recruitment of permanent cyber engineers yet further.
However, the growing prevalence of product security in 2025 provided a fresh supply of cyber security jobs for some security engineers.
“Product security is a subtle shift but one that has energised recruitment.”
“The shift-left approach of building in cyber security at ground level is well established,” says Sophie. “What we’ve seen more recently is the rise of product security, embedding security engineers in product teams from the earliest stages of development through to maintenance. Product security is a subtle shift but one that has energised recruitment.”
Tightening cyber defence around third parties
2025 marked another quiet year for governance, risk and compliance (GRC) recruitment.
A significant feature of GRC in 2025 was an increased focus on third-party risk, particularly in financial services. Regulators placed greater emphasis on understanding extended supply chains as well as direct suppliers.
“As part of this change, regulators are moving beyond traditional periodic audits, towards ongoing monitoring and more frequent assessments,” says James Lawrence, Principal Consultant at Barclay Simpson. “This is a seismic change, in response to increased cyberattacks that originate with third parties. And it has stimulated some GRC recruitment activity.”
For businesses such as major banks with expansive budgets, a significant development was the advent of GRC engineering, based on shift-left principles. This involved consideration of risk and security at earlier stages of projects.
“One effect of this approach has been to move more GRC individuals into product teams,” says James. “As development becomes more automated, people with strong GRC skillsets are needed to understand and mitigate the risks.”
“As development becomes more automated, people with strong GRC skillsets are needed to understand and mitigate the risks.”
The new DORA regulation came into effect in the early months of 2025, and the EU AI Act moved along the pipeline. And yet, these regulatory changes did not have the galvanising effect on GRC recruitment that many had hoped for. Many businesses redeployed existing resources rather than recruit new people.
Upsurge in demand for incident response
At the frontline of cyber attacks which were increasing in both quantity and sophistication, mid-level incident response professionals were very much in demand.
“We sometimes see spikes in recruitment after cyber attacks such as Jaguar Land Rover,” says Parveen Gill, Consultant at Barclay Simpson. “More commonly though, a high-profile breach will make boards more aware of the risk, and this can help boost security budgets.”
“A high-profile breach will make boards more aware of the risk and can help boost security budgets.”
Responsibilities were increasingly added to incident response roles as budgets continued to be squeezed (for example an Incident Response Engineer) – a trend not unique to this area of the cyber security jobs market.
A trend that we expect to see develop over 2026 is the outsourcing of incident response.
“Rather than having an internal incident response team, organisations will contract a retained service for any severe incident that escalates,” says Parveen.
Remote working as popular as ever
In our survey, 93% of employers anticipated that their current hybrid/remote working models would remain a long-term feature of their company.
However, the dynamics of the cyber security jobs market in 2025 put employers in a stronger position to bring more working days back to the office. Many candidates reported to our cyber security recruitment consultants that they were under pressure to reduce their home-working days.
Despite resistance from employers, remote and hybrid working was more valued than ever as a benefit. In our survey, 57% of cyber professionals identified it as their most valued benefit, compared to 41% last year. And 85% placed it in their top three benefits.
As cyber security professionals continued to experience affordability pinch points across every area of their lives, the cost of commuting made remote/hybrid working a financial necessity for some, rather than a lifestyle choice.
Which job benefits do cyber security professionals value the most?
| Benefit | % of candidates |
|---|---|
| Remote working | 57% |
| Annual bonus | 16% |
| Flexible working | 16% |
| Company share options/scheme | 4% |
| Private healthcare | 4% |
| Training allowance | 3% |
Current hybrid/remote working patterns
| Remote working frequency | 2025 (% of candidates) | 2024 (% of candidates) |
|---|---|---|
| 5 days – fully remote | 37% | 41% |
| 4 days | 17% | 18% |
| 3 days | 22% | 20% |
| 2 days | 17% | 16% |
| 1 day | 4% | 2% |
| 0 day – full time in the office | 3% | 3% |
Our survey showed no substantial change in working patterns over the year. There was also close correspondence between actual and desired working patterns. For example, 40% of candidates wanted to work on a fully remote basis, compared to 37% who already enjoyed that arrangement.
There was, however, a slight reduction in the number of candidates prepared to consider changing cyber security jobs if they did not get their desired working pattern.
Likelihood of moving jobs to get desired remote working pattern
| Response | 2025 (% of candidates) | 2024 (% of candidates) |
|---|---|---|
| Yes | 65% | 72% |
| No | 35% | 28% |
Grounds for optimism in the cyber security job market
Despite a prevailing mood of pessimism, there were grounds for optimism at the end of 2025.
The new Cyber Security and Resilience Bill offered the potential to expand cyber security duties in some sectors. At the end of 2025, PwC reported that 85% of UK businesses planned to increase their cyber budgets in 2026. And 56% of them believed that investment in cyber security would increase in the following year by over 6%.
Indeed, Barclay Simpson’s own survey found that 83% of employers of cyber security professionals were likely to recruit during 2026.
Likelihood of hiring additional permanent staff
How likely are you to hire additional permanent staff in 2026? (% of employers)
Employers worried about the detrimental effect of staff shortages. Only 17% of the cyber security hiring managers surveyed were unconcerned about this.
Impact of staff shortages on cyber security performance
Are staff shortages affecting the performance of your department/teams? (% of employers)
These green shoots were yet to revive the sombre mood of the cyber security job market at the end of 2025, however. Confidence levels of cyber security candidates ebbed slightly, according to our annual survey, with only 21% feeling very confident in the job market. High-quality professionals in employment seemed nervous about the prospect of moving jobs. This had the effect of slowing down the job market as a whole.
Candidate confidence levels in the job market
| Confidence level | 2025 (% of candidates) | 2024 (% of candidates) |
|---|---|---|
| Very confident | 21% | 34% |
| Somewhat confident | 52% | 47% |
| Not at all confident | 27% | 19% |
Contract jobs in cyber security
In another slow year for the cyber security contractor market, rates continued on the downward trajectory that started during the pandemic.
The two main factors driving (limited) demand for contractors were spend-to-save initiatives, automating processes to make long-term savings, and regulatory pressures.
“DORA and NIS2 were the two regulatory changes that generated demand for contractors,” says Jeff Mayger, Executive Consultant at Barclay Simpson. “NIS2 represented a sea change, mandating stronger third-party security measures.”
“Many cyber security leaders channelled any available budget into automation, projecting cost savings in the long term.”
Specific projects remained the primary reason for using interim support, for 40% of employers surveyed. The use of interim resources for ‘business as usual’ was almost half this amount, at 23%.
Employers’ primary reason for using interim support
| Reason | % of employers |
|---|---|
| Specific projects | 40% |
| Support BAU due to increased workloads | 23% |
| Inability to source permanent employees | 15% |
| Leverage subject matter expertise | 10% |
| Keep permanent headcount low | 8% |
| Provide cover for absences | 5% |
Employers felt increasingly confident to ask both interim and permanent team-members to spend more days in the office.
Our recruitment consultants reported that a large proportion of their interim placements in 2025 were inside IR35. And the gap between aspiration and reality widened – in our latest survey, only 54% of contractors were working outside IR35, whereas 86% preferred such an arrangement.
Types of contract worked
% candidates currently/most recently
on this contract type
% candidates preferring
this contract type
With a growing list of disadvantages, it was unsurprising to see many turn away from the contractor market.
“Rates are going down and office-working demands are going up,” says Jeff. “Many companies are keen to minimise risk and push costs on to contractors where possible. And IR35 is reducing any financial advantage that might outweigh the insecurity of contract work. Interim arrangements are becoming less attractive to even the most hardened contractors.”
“All these trends are making interim arrangements less attractive to even the most hardened and experienced contractors.”
AI in cyber security
In 2025, AI-enabled cyber attacks were on the rise, ably assisted by the mainstreaming of shadow AI. AI had quickly become part of routine work across the economy, but a survey carried out by Qualtrics revealed that only 26% of UK workers were exclusively using official, company-provided AI tools.
Meanwhile, a 2025 study carried out by Accenture found that 90% of organisations lacked the maturity to defend against AI-supported threats.
As AI-assisted attacks became more scalable and customised, not to say harder to detect, the risk of AI security rose to the top of boards’ agendas.
Some encouraging news came from PwC, which reported that 50% of UK organisations planned to prioritise their AI threat-hunting capabilities. In an important study by the Department for Science, Innovation & Technology (DSIT), Cyber Security Skills in the UK Labour Market 2025, employers were concerned about skills shortages in AI-related cyber security.
The advent of AI-assisted automation, which was already changing the role of developers, looked less career-threatening to cyber security professionals.
“In the AI era, organisations need people who think about the security and risks involved in automated code,” says James.
“In the AI era, organisations need people who think about the security and risks involved in automated code.”
The lack of entry-level cyber security jobs was a major concern. DSIT found that only 15% of cyber security recruitment was targeted at career starters.
A broader debate about the impact of AI on the entry-level job market entered mainstream discourse. Dario Amodei, CEO of Anthropic, predicted that AI would eradicate around 50% of entry-level white-collar jobs within five years.
“If the era of AI-enabled automation still requires the input of human cyber security professionals, how will the profession develop that expertise?” Parveen asked.
“If the era of AI-enabled automation still requires the input of human cyber security professionals, how will the profession develop that expertise?”
The use of AI in cyber security recruitment – employer perspectives
As in other areas of the world of work, the adoption of AI tools in recruitment soared in 2025, despite awareness of the issues it raised. Two-thirds of recruiters were planning to increase their use of AI technology to screen calls, according to LinkedIn data.
Barclay Simpson has introduced a new section in its annual survey to gain more clarity on the conflicted relationship between AI and recruitment by exploring the respective views of employers and candidates.
Employers surveyed were already making extensive use of AI to support a number of recruitment activities, particularly CV screening and shortlisting.
Employers’ use of AI in recruitment processes
| AI usage | % of employers |
|---|---|
| CV screening and shortlisting | 63% |
| Interview support (questions; transcriptions; analysis) | 59% |
| Writing and targeting job ads | 48% |
| Sourcing candidates | 41% |
| Candidate communications and scheduling | 30% |
Respondents could select all options that applied
At the same time, however, 44% of employers saw AI as a threat. One concern raised was impersonation – 50% worried about how to establish the identity of candidates through all stages of cyber security recruitment. This tallied with a Gartner prediction that by 2028 up to one in four candidate profiles could be fake.
Employers’ concerns about the impact of AI in recruitment
| Concern | % of employers |
|---|---|
| Integrity of information on CVs | 74% |
| Integrity of interviews | 55% |
| Quality of candidate sourcing and selection | 55% |
| Impersonation | 50% |
Respondents could select all options that applied
Whether these concerns were justified hinged on the real-life impact of AI. However, only 14% of employers surveyed believed that AI made cyber security recruitment both more effective and efficient.
Employers’ view of the impact of AI on recruitment processes
What impact has AI had on your recruitment processes?
(% of employers)
The use of AI in cyber security recruitment – candidate perspectives
The use of AI by candidates was clearly widespread in 2025. The release of ChatGPT in 2022 led to a 239% increase in the number of job applications sent by candidates, according to software provider, Greenhouse.
43% of candidates surveyed by Barclay Simpson had made use of AI in the application process. And yet 54% of them also felt that employers’ use of AI was worsening the cyber security recruitment process.
Candidates’ feelings about the use of AI in recruitment
How do you feel about organisations using AI during the recruitment process?
(% of candidates)
Furthermore, 57% of candidates agreed that AI did not make cyber security recruitment processes more efficient or effective. This mirrored employers’ views, 50% of whom agreed with the same statement.
Candidates’ view of the impact of AI on recruitment
What impact has AI had on recruitment processes?
(% of candidates)
Broadly, then, the survey uncovered contradictory feelings about AI in cyber security recruitment, among both employers and candidates. We expect to shed more light on AI-assisted recruitment as we accumulate this valuable data over the coming years.
Equality, diversity and inclusion in cyber security
2025 saw minimal change in the gender balance of the cyber security profession, according to our survey, with 83% of candidates identifying as male, compared to 81% in the previous year, for example.
Gender of cyber security candidates
| Gender | 2025 (% of candidates) | 2024 (% of candidates) |
|---|---|---|
| Male | 83% | 81% |
| Female | 14% | 15% |
| Prefer not to say | 2% | 3% |
| Non-binary | 1% | 1% |
Our findings are broadly in line with the DSIT report, which found that only 17% of the cyber security workforce was female, compared to 48% of the overall UK workforce.
On a slightly more positive note, DSIT reported that the gender divide became less pronounced among more junior cyber security professionals (although this had to be weighed against employers’ strong preference for mid-level professionals in this period). DSIT also noted the year-on-year narrowing of the gender gap on postgraduate cyber courses. Again, this has to be considered alongside the decrease in entry-level opportunities.
When considering the personal importance of equality, diversity and inclusion (EDI) to employers and candidates, there was a slight variance. Interestingly, though, it was employers who accorded it more importance. 52% of employers said it was very important to them personally, compared with only 43% of candidates.
Personal importance of EDI to employers and candidates
| Importance | % of employers | % of candidates |
|---|---|---|
| Very important | 52% | 43% |
| Somewhat important | 36% | 39% |
| Not at all important | 12% | 18% |
Consistent with their personal view of EDI, an overwhelming 93% of employers agreed or strongly agreed that their organisation had an effective culture of EDI. A substantial majority (86%) also saw EDI as very or somewhat important for the recruitment and retention of good candidates.
Candidates’ views of organisational commitment to EDI were not quite so strong. Only 68% of candidates surveyed believed that their organisation demonstrated a strong commitment to EDI. More worrying still, less than half (48%) of candidates said that their organisation’s commitment to EDI made a real difference.
Drilling down into the challenges faced by companies in creating a diverse and inclusive culture, 26% of employers identified the need to increase representation across leadership and the Board. Clearly, there were also concerns about cyber security recruitment itself, as 22% said that ‘building a fair hiring process’ was the biggest challenge.
Employers’ challenges in creating a diverse and inclusive culture
| Challenge | % of employers |
|---|---|
| How to increase representation among leadership/Board roles | 26% |
| Building a fair hiring process | 22% |
| Setting and tracking key performance indicators | 19% |
| Achieving pay equity | 12% |
| Insufficient employee EDI data | 7% |
| Motivating stakeholders | 5% |
| Fear of getting things wrong | 5% |
| Lack of access to EDI skilled HR resource | 2% |
| Increasing representation among leadership / Board roles | 2% |
Salary and bonus trends for cyber security
A number of in-demand and developing specialisms – such as threat intelligence, third-party risk and product security – saw moderate salary increases in 2025. In general though, salaries of cyber security jobs continued to flatline.
Almost half (44%) of the candidates we surveyed said the biggest challenge to securing a new role was ‘too few jobs being advertised’. But with businesses shying away from transformation programmes and agreeing cost-cutting cyber security budgets, candidates for cyber security jobs faced narrowing job opportunities.
“In many cases, businesses are directing what cyber security budget they have available to automation, with the prospect of long-term savings,” said Jeff Mayger, Executive Consultant at Barclay Simpson.
Redundant employees accepting lower salaries, along with contractors moving into permanent roles, have contributed to downward pressure on pay in a subdued job market.
Almost two-thirds (62%) of candidates cited low advertised salaries or day rates as their biggest job-seeking challenge. In a job market tilting in their favour, employers were often able to offset budgetary challenges by expanding their skills requirements within individual roles.
Expectations and reality
This year’s survey revealed a close alignment between candidate salary expectations and employer budgets. A significant majority of employers (87%) said that they were either somewhat or very aligned.
Over three-quarters (76%) planned to increase base salaries for existing employees by 1–4% within the following 12 months. Only 2% envisaged no increase whatsoever.
Employers’ average salary increases planned for 2026
| Planned average salary increase | % of employers |
|---|---|
| 0% | 2% |
| 1–4% | 76% |
| 5–10% | 17% |
| 10–15% | 2.5% |
| 15–20% | 2.5% |
Bonuses were ranked by 16% of candidates as their most valued benefit. Happily, 45% of employers were planning to pay the same amount of bonuses in 2026 as they did in 2025, and 17% were expecting them to be higher. That said, 23% of candidates surveyed said they received no bonus in 2025.
Candidates’ most recent bonus as % of salary
| Bonus as percentage of salary | % of candidates |
|---|---|
| 0% | 23% |
| 1–10% | 27% |
| 11–20% | 23% |
| 21–30% | 11% |
| 31–40% | 8% |
| 41–49% | 1% |
| 50–74% | 0% |
| 75–99% | 4% |
| 100–124% | 2% |
| 125–149% | 0.5% |
| 150%+ | 0.5% |
| Prefer not to say | 1.5% |
Remuneration continued to be the top reason for seeking a new job. Over two-thirds (70%) of cyber security professionals surveyed placed remuneration in their top three reasons for moving.
Interestingly, the number one reason for moving cyber security jobs was career development, selected by 31% of survey respondents. This may have reflected the growing scarcity of internal promotion opportunities, mentioned by many candidates to our consultants this year.
Cyber security salaries
The following tables provide an overview of current salary benchmarks for key cyber security roles. Figures reflect average base salaries and day rates for professionals across the UK, as well as those working remotely.
Leadership salaries
| Area | Central London | UK-Wide | Fully Remote | Contract Day Rate |
|---|---|---|---|---|
| CISO (Global / EMEA) | £180k+ | £180k+ | £180k+ | £1,000—£1,500+ |
| Head of Cyber Defence | £130k—£200k | £130k—£200k | £130k—£200k | £900—£1,000+ |
| Head of IT Risk | £130k—£200k | £130k—£200k | £130k—£200k | £700—£900 |
| Head of GRC (Cyber Risk) | £120k—£150k | £120k—£150k | £120k—£150k | £650—£750 |
| Head of Information Security (dept above 10+) | £150k+ | £150k+ | £150k+ | £800—£900 |
| Head of Information Security (dept under 10+) | £100k—£160k | £100k—£160k | £100k—£160k | £700—£800 |
| Head of Security Architecture | £130k—£200k | £110k—£160k | £120k—£170k | £900+ |
| Head of Security Operations | £100k—£130k | £95k—£125k | £85k—£120k | £900+ |
| Head of Incident Response | £110k—£150k | £100k—£140k | £90k—£130k | £900+ |
Governance, risk and compliance salaries
| Area | Central London | UK-Wide | Fully Remote | Contract Day Rate |
|---|---|---|---|---|
| Business Information Security Officer | £90k—£130k | £90k—£130k | £90k—£130k | £550—£750 |
| Information Security Manager (team above 5+) | £95k—£120k | £95k—£120k | £95k—£120k | £600—£800 |
| Information Security Manager (team under 5+) | £80k—£95k | £80k—£95k | £80k—£95k | £550—£750 |
| Information Security Officer | £80k—£120k | £80k—£120k | £80k—£120k | £500—£700 |
| IT Risk Manager | £85k—£120k | £85k—£120k | £85k—£120k | £550—£750 |
| Third Party Risk Lead | £75k—£100k | £75k—£100k | £75k—£100k | £550—£650 |
| Information Security Analyst GRC | £60k—£75k | £60k—£75k | £60k—£75k | £500—£600 |
| Junior Information Security Analyst GRC | £50k—£60k | £50k—£60k | £50k—£60k | £400—£550 |
Security architecture and engineering salaries
| Area | Central London | UK-Wide | Fully Remote | Contract Day Rate |
|---|---|---|---|---|
| Application Security Architect | £100k—£130k | £90k—£115k | £100k—£130k | £600—£800 |
| Application Security Engineer | £90k—£110k | £80k—£100k | £80k—£100k | £550—£750 |
| DevSecOps Engineer | £90k—£110k | £80k—£100k | £85k—£100k | £600—£850 |
| Information Security Engineer | £75k—£90k | £70k—£85k | £70k—£90k | £550—£800 |
| Cloud Security Architect | £100k—£130k | £90k—£115k | £100k—£130k | £600—£800 |
| Cloud Security Engineer | £90k—£110k | £80k—£100k | £80k—£110k | £600—£750 |
| Enterprise Security Architect | £100k—£140k | £100k—£120k | £100k—£140k | £650—£850 |
| Security Solutions Architect | £90k—£110k | £80k—£100k | £80k—£110k | £650—£850 |
Cyber defence salaries
| Area | Central London | UK-Wide | Fully Remote | Contract Day Rate |
|---|---|---|---|---|
| Security Operations Analyst | £45k—£60k | £40k—£55k | £40k—£50k | £400—£600 |
| Security Operations Manager | £80k—£95k | £70k—£80k | £65k—£75k | £600—£750 |
| Head of Security Operations | £100k—£130k | £100k—£110k | £90k—£100k | £700—£900 |
| Cyber Threat Intelligence Analyst | £60k—£80k | £55k—£75k | £60k—£80k | £500—£600 |
| Head of Cyber Threat Intelligence | £100k—£120k | £95k—£110k | £80k—£110k | £600—£700 |
| Incident Response Analyst | £60k—£80k | £65k—£80k | £60k—£70k | £500—£600 |
| Incident Response Lead | £80k—£95k | £75k—£90k | £60k—£85k | £600—£700 |
| Head of Incident Response | £95k—£120k | £90k—£115k | £80k—£110k | £600—£700 |
| Head of Cyber Defence | £130k—£160k | £125k—£145k | £115k—£135k | £900—£1,000+ |
| Threat Detection Engineer | £80k—£90k | £65k—£75k | £60k—£70k | £500—£650 |
Business continuity salaries
| Area | Central London | UK-Wide | Fully Remote | Contract Day Rate |
|---|---|---|---|---|
| Business Continuity Analyst | £35k—£60k | £30k—£55k | £35k—£55k | £450—£550 |
| Business Continuity Manager | £65k—£90k | £60k—£75k | £60k—£85k | £550—£650 |
| Business Continuity Lead | £80k—£100k | £75k—£100k | £75k—£100k | £600—£700 |
| Head of Business Continuity | £100k—£135k | £100k—£130k | £100k—£130k | £700—£850 |
Operational resilience salaries
| Area | Central London | UK-Wide | Fully Remote | Contract Day Rate |
|---|---|---|---|---|
| Operational Resilience Analyst | £50k—£60k | £50k—£60k | £50k—£60k | £450—£550 |
| Operational Resilience Specialist | £70k—£90k | £70k—£90k | £70k—£85k | £550—£650 |
| Operational Resilience Manager | £70k—£95k | £65k—£80k | £70k—£90k | £750—£850 |
| Operational Resilience Lead | £80k—£100k | £75k—£100k | £75k—£95k | £600—£750 |
| Head of Operational Resilience | £100k—£150k | £100k—£130k | £100k—£140k | £750—£900 |
Identity and access management salaries
| Area | Central London | UK-Wide | Fully Remote | Contract Day Rate |
|---|---|---|---|---|
| Head of IAM | £120k—£140k+ | £120k—£140k+ | £120k—£140k+ | £750—£850 |
| IAM Manager | £90k—£120k | £90k—£110k | £90k—£110k | £600—£700 |
| CIAM/PAM Lead | £95k—£120k | £95k—£110k | £95k—£110k | £500—£600 |
| IAM Product Owner | £95k—£120k | £95k—£110k | £95k—£110k | £500—£600 |
| IAM Architect | £90k—£120k+ | £90k—£115k+ | £90k—£115k+ | £600—£750 |
| IAM Engineer | £75k—£95k | £75k—£90k | £75k—£90k | £500—£600 |
| IAM Analyst | £50k—£80k | £45k—£75k | £45k—£75k | £400—£500 |
Penetration testing salaries
| Area | Central London | UK-Wide | Fully Remote | Contract Day Rate |
|---|---|---|---|---|
| Manager level Penetration Tester | £75k—£120k | £75k—£120k | £75k—£120k | £650+ |
| Mid Level Penetration Tester | £50k—£75k | £50k—£75k | £45k—£75k | £500—£650 |
| Entry level Penetration Tester | £30k—£40k | £25k—£35k | £25k—£40k | £300—£400 |
Security transformation salaries
| Area | Central London | UK-Wide | Fully Remote | Contract Day Rate |
|---|---|---|---|---|
| Information Security Programme Manager | £80k+ | £75k+ | £75k+ | £700—£900 |
| Information Security Project Manager | £60k—£75k | £55k—£75k | £55k—£75k | £500—£700 |
| Information Security PMO Manager | £50k—£60k | £45k—£55k | £45k—£55k | £400—£500 |
| Information Security Business Analyst | £55k—£65k | £50k—£65k | £50k—£65k | £400—£700 |
| Information Security Service Delivery Manager | £70k—£80k | £65k—£80k | £65k—£80k | £500—£600 |
Attract and retain the cyber security professionals you need with Barclay Simpson
Barclay Simpson has specialised in the recruitment of cyber security professionals since 2001. Our long-established team has extensive experience of recruiting on a permanent and contract basis for in-house positions in commerce and FS groups, as well as consultancy and systems integration businesses, and security vendors.
We can help you create a talent attraction strategy with competitive salary offerings and support you as you build a cyber security team that’s future proof. Or we can help you find a role that aligns with your long-term career goals. If you are interested in a new cyber security position or recruitment services, get in touch today.
