ISACA CISM

CISM certification: What should your salary be in 2024

By Simon Puleo, February 22, 2024

According to CyberSeek, there are over 572,000 job openings and 1.18 million employees working in cybersecurity. The demand for skilled professionals is growing, particularly those with specialized expertise like the Certified Information Security Manager (CISM).  

Understanding your earning potential is essential if you're considering advancing your cybersecurity career and are interested in the CISM certification. This CISM certification guide aims to be your compass, providing a comprehensive overview of CISM salaries in 2024. We'll examine the core skills and responsibilities associated with CISM certification, give you a picture of typical CISM salaries and provide tips on preparing for the CISM exam.  

Understanding CISM job roles  

Salary is important, and we'll get to that. But first, let's look at the skills validated by a CISM certification and some of the roles that current CISM holders have filled. Here is an overview of the CISM domains:

  • Information security governance: Establishing and maintaining security policies, procedures and frameworks.  
  • Information security risk management: Identifying, analyzing, and mitigating security threats and vulnerabilities.  
  • Information security program: Designing, implementing and overseeing comprehensive security programs.  
  • Incident management: Effectively managing security incidents to minimize damage and ensure recovery.  

These in-demand skills directly translate to various career paths in the constantly evolving cybersecurity field. While security manager is often the most direct route for CISM holders, the possibilities extend far beyond that single title and include:  

  • Information security manager: Leads an organization's security strategy, mitigating risk and ensuring compliance.  
  • Information technology director: Steers IT operations, optimizing infrastructure and driving efficiency.  
  • Security architect: Designs and implements secure IT infrastructure and systems.  
  • Chief information security officer (CISO): Aligns technology with business goals, overseeing all IT functions strategically.  

$150,040 average salary

ISACA CISM is one of the industry's highest-paying cybersecurity certifications. Take your information security management career to new heights and enroll now to claim your Exam Pass Guarantee!

What is the average CISM salary?  

To provide a realistic and comprehensive picture of CISM certification salary, we've examined the salary data from trusted sources across the internet. While a single, definitive average across all sources is elusive since multiple factors affect salaries, analyzing our findings paints a clear picture. Here is a breakdown of our sources:  

  • Payscale: This site offers salary data based on self-reported information from CISM holders and may skew towards more experienced individuals.  
  • Glassdoor: Here, we find salary information for various security-related job titles (not solely CISM holders), and their data includes additional compensation like bonuses and profit-sharing.  
  • Salary.com: Similar to Glassdoor, Salary.com offers salary ranges for related job titles and often includes additional compensation.  
  • CyberSeek: This government-sponsored initiative focuses on job postings and workforce data. Here, we use the security manager role to determine salary.  

Based on our analysis of these sites, an average CISM salary likely falls between $136,000 and $172,000, with a rough estimate of around $152,037. This is quite an increase over our last estimate of $129,000. However, this is just a starting point. Know that your earning potential depends on the factors we'll discuss next.

Factors influencing CISM salaries  

While understanding the average CISM certification salary is helpful, your earning potential depends on several key factors. Let's look deeper into these influences for a more personalized picture:  

How job role affects CISM salary  

Remember the diverse career paths CISM opens up? Each role has its compensation range, reflecting responsibility, experience and industry demands. Here are some examples of average salaries from Payscale (these numbers don't include additional compensation like bonuses):  

  • Information security manager: $129,340  
  • Information technology director: $145,112  
  • Security architect: $147,532  
  • Chief information security officer: $183,139  

How experience affects CISM salary  

Experience is another primary driver of your earning potential. The more experience you have, the deeper your knowledge of security principles and the greater your value to an organization. Here is an example of average salaries for information security managers from Glassdoor (these figures include additional compensation averaging $28K to $53K yearly):

  • Entry level (0-1 years): $110,000  
  • 1-3 years: $112,000  
  • 4-6 years: $128,000  
  • 7-9 years: $138,000  
  • 10-14 years: $158,000  
  • 15+ years: $172,000  

How location and industry affect salary  

Geography and industry also play their part in shaping your CISM salary. Regional cost-of-living and demand variations influence compensation packages. Here are some examples of average information security director salaries from around the U.S., courtesy of Salary.com:

  • California: $208,708  
  • New Jersey: $208,311  
  • Colorado: $191,167  
  • Maine: $182,407  
  • Florida: $179,758  

And here is how the industry you choose to work in can affect your CISM salary, according to Glassdoor, which puts the average across all industries at $172,000:

  • Nonprofit and NGO: $172,000  
  • Telecommunications: $166,000  
  • Education: $138,000  
  • Personal consumer services: $126,000  
  • Legal: $119,000  
  • Aerospace and Defense: $172,000  
  • Information Technology: $165,000  
  • Financial Services: $164,000  
  • Manufacturing: $144,000  

Earn a $150,040 Salary with an ISACA CISM

The employment of information systems managers is projected to grow 16% by 2031. Get your ISACA CISM to launch into the field — backed with an Exam Pass Guarantee.

CISM demand and career opportunities  

The future of cybersecurity is bright, with analysts predicting exponential growth in the need for skilled professionals. That growth highlights the immense demand for qualified individuals, like CISMs.  

However, the CISM certification empowers you to do more than just fill a gap. It serves as a springboard for diverse and rewarding career paths. Here are some exciting possibilities:  

  • Dive deeper: Hone your technical expertise and transition into roles like security architect or security engineer, designing and implementing robust security solutions.  
  • Broaden your horizons: Leverage your leadership skills to become an information security analyst, investigating organizational threats and vulnerabilities.  
  • Go global: Become a sought-after security consultant, advising diverse clients on best practices and navigating complex security landscapes.  
  • Ascend the ladder: Aim for high-level roles like chief information security officer (CISO), leading and shaping an organization's security posture. If you wonder, "What is the highest salary for a CISM?" this path will take you there.  

Remember, the CISM certification is your springboard, not your ceiling. You can double down on your CISM expertise by pursuing advanced certifications or embracing the breadth of cybersecurity and exploring diverse career paths that leverage your CISM foundation.  

CISM certification trends and alternatives  

The CISM certification is not only a valuable credential for information security managers but also a reflection of the industry's changing landscape.  

According to ISACA, the organization that offers the CISM certification, the CISM exam has evolved over the years to align with the current best practices and standards. Here are some of the recent changes:  

  • The domains are the same, but the weights are different:  
    • Information security governance: 17% (was 24%)  
    • Information security risk management: 20% (was 30%)  
    • Information security program: 33% (was 27%)  
    • Incident management: 30% (was 19%)  

The incident management domain now goes into more detail on the phases of incident response and the communication skills required.  

The CISM is a valuable and widely recognized credential, but it's important to be aware of alternative options. While the CISM excels in management and governance, other certifications cater to specific technical domains. Popular alternatives include:  

  • CISSP (Certified Information Systems Security Professional): Broader security knowledge, ideal for generalists and technical specialists.  
  • CISA (Certified Information Systems Auditor): Focuses on audit and control, suitable for compliance and risk management roles.  
  • CRISC (Certified in Risk and Information Systems Control): Focuses on identifying, assessing, and mitigating IT risk, complementing CISM's management focus with a deeper understanding of risk analysis and control frameworks.  

Remember, the "best" certification depends on your individual career goals. The resources presented here should serve as a springboard for your research, not a definite prescription.  

Preparing for your CISM  

Ready to unlock the doors of opportunity with the CISM certification? Here's a clear roadmap to guide you on your journey:  

Eligibility for the CISM exam  

  • Possess at least five years of cumulative paid work experience in information security.  
  • Three of those years must be in information security management, with one year or more in at least three of the four CISM domains.  
  • Agree to the ISACA Code of Professional Ethics.  

CISM training  

Several options can help you acquire the knowledge and skills needed to pass the CISM exam:  

  • Live boot camps: Infosec is a top ISACA partner, and our CISM Boot Camp will provide you with five days of intensive training with comprehensive exam preparation, hands-on practice and industry insights.  
  • On-demand learning: Study independently with Infosec's flexible online CISM Learning Path featuring video lectures, practice exams, and downloadable materials.  
  • Self-study: Utilize resources like study guides, practice questions and online CISM communities to help prepare.  

Additional CISM resources  

  • ISACA webinar: Gain valuable insights into industry trends and certification updates by attending our upcoming ISACA webinar.  
  • CISM overview: Visit our dedicated CISM overview page for in-depth information about the exam, eligibility requirements and study resources.  

Is CISM certification worth it?  

So, have we convinced you that the CISM certification is worth pursuing? Let's recap the reasons why:  

  • Market demand: There are currently over 572,000 open positions for skilled professionals.  
  • Career flexibility: The CISM unlocks a diverse array of career paths. The possibilities are vast and exciting, from security manager to security architect, incident response specialist, or even Chief Information Security Officer.  
  • Earning potential: The average salary of a CISM holder is $152,037.  
  • Lifelong value: The CISM certification isn't a one-time achievement. It's an investment in continuous learning and professional growth.  

CISM certification equips you with sought-after skills and positions you for financial success in the ever-growing cybersecurity field. So, take the first step toward securing your future and begin your CISM journey today!

About the author: Simon Puleo

Simon Puleo, Certified Ethical Hacker (CEH), is an educator by day and a security researcher at night. Simon has trained employees, customers and partners on security tools, methods and practices at Contrast Security, Micro Focus and HPE. He specializes in helping apply the NIST framework working across many domains including IAM, application security, network security and SIEM. Simon is a thought leader actively engaged in researching the cyber-threat landscape and sharing his perspectives in seminars and articles.