Information security managers are increasingly having to focus on business needs instead of technology, according to a recent survey of more than 1,400 certified information security managers in 83 countries by ISACA, an association of more than 75,000 IT governance professionals worldwide.
Its Information Security Career Progression Survey suggests that information security managers experiencing significant career momentum are “closely aligned with business goals and priorities”.
When asked what their next career step will be, 40.6% of respondents said they intend to step into an executive management role, 40.6% said they intend to step into a chief information security officer role, and 27.1% see themselves in a chief security officer role.
The survey also revealed that the top five most common activities performed by information security managers in their current positions are risk management, security programme management, data security, policy creation and maintenance, and regulatory compliance.
“The role of information security management is quickly evolving to direct the use of technology to solve or prevent business problems instead of being a purely technical specialization,” said Lynn Lawton, international president of ISACA.
“It is encouraging to see that CISMs are taking increased responsibility for business functions such as risk management, governance and architecture. These activities help protect the value that information provides to enterprises around the world.”