Average ISSMP Salary [updated 2021]

July 19, 2021 by Daniel Brecht

If your key interest areas revolve around information security, then a management program like the Information Systems Security Management Professional (ISSMP) certification by ISC2 can catapult your career to new heights. 

If you already have a CISSP certification, the CISSP-ISSMP is one of three CISSP concentrations that can open doors and help you move into roles such as:

  • Chief information officer
  • Chief information security officer
  • Chief security officer
  • Senior security executive

There is currently a high demand for competent professionals capable of overseeing comprehensive vulnerability management/risk management programs.


Why the ISSMP certification is so popular

ISC2’s ISSMP certification is a high-level program that builds on the CISSP. This concentration is aimed at the management roles in an organization that own and run the information security program.

The ISSMP certification program validates the ability of professionals to create and implement fundamentally strong and highly effective information system security management programs, which meet the current and future needs of global IT organizations.

CISSP-ISSMP is an advanced information security certification and requires not only being a CISSP in good standing but also having two years of cumulative, paid, full-time work experience in one or more of the six domains of the CISSP-ISSMP common body of knowledge (CBK). It covers the various regulations and standards of different areas of systems security management, operations security and planning, enterprise-wide security systems and legal and ethical issues.

The credential is popular because it focuses on the management and leadership aspects of information security; it builds on expertise in topics that matter to any organization, including project management, risk management, security awareness programs and business continuity planning. Holders demonstrate the ability to oversee best practices for protecting against and detecting existing or emerging threats, and for distributing actionable intelligence on them promptly.

Average pay after gaining an ISSMP certification

On completion of the Information Systems Security Management Professional (ISSMP) program, you will have a definite edge in the information systems security market. ISC2 indicates that the average salary of a CISSP-ISSMP certified professional is $140,340. But just how much value does the ISSMP certification hold? On average, certified ISC2 members report earning 35% more than non-members.

You can see the average salary by job position in the following table:

Job title                              Average salary
Cyber security analyst                 $110,000
Information technology (IT) manager    $124,000
Information security manager           $125,000
Information technology (IT) director   $165,000
Risk manager                           $190,000

Source: PayScale (last updated May 2021)

According to, “the experience level is the most important factor in determining the salary. Naturally the more years of experience the higher your wage.” 

Based on the average change in salary over time, on average, professionals double their starting salary by the time they cross the 10 years’ experience mark.

All that hard work to be certified can really pay off in the form of great wages. The average salary of an information security manager in the United States is around $141,000 with an actual range of $70,700-$219,000 per year, while a person working as a chief information security officer typically earns around $139,000, with a range of $66,800-$218,000, as per Salary Explorer. Of course, the pay will vary significantly depending on geographic location, specific job duties, years of experience and training.

Take-home pay varies from one city to the next.

Here’s a salary comparison by city for an information security manager.

  • Chicago: $165,000 
  • Los Angeles: $161,000 
  • Memphis: $143,000 
  • Washington D.C.: $140,000 
  • Seattle: $138,000

Here’s a salary comparison by city for a chief information security officer.

  • New York: $170,000 
  • Philadelphia: $165,000 
  • Houston: $163,000 
  • Phoenix: $158,000 
  • Jacksonville: $148,000 

Unfortunately, there continues to be a gender gap in the rate of pay for the same jobs. However, there has recently been an increase in hiring and promoting women into management and executive-level positions: in 2019 and 2020 women held 29% of such positions in North America, the highest share ever recorded. Though they remain widely underrepresented, the proportion of women in senior management roles is growing (women held 16% of chief information officer roles in 2020, according to Catalyst, a global nonprofit working to accelerate and advance women into leadership). ISSMP could be another helpful tool for women looking to climb the corporate ladder in cybersecurity.

What sets ISSMP certification apart from other information security certifications?

The CISSP-ISSMP certification provides an overview of the various managerial elements of the ever-changing information security landscape. What sets this credential apart from similar qualifications is that the ISC2 exam of 125 questions is experience-based and tests the topic areas relevant to the roles and responsibilities of today’s cybersecurity professionals who run information security programs and carry management responsibility.

Here are the core areas of focus in the ISSMP program that revolve around six domains, as found in the certification exam outline (May 2018):

  • Domain 1: leadership and business management. This is a key area of the ISSMP program that focuses on aligning the security program with organizational governance and integrating information security processes and principles into critical business initiatives.
  • Domain 2: systems lifecycle management. This domain emphasizes integrating security into the system development life cycle (SDLC) and managing the security of information systems throughout their lifetime.
  • Domain 3: risk management. This is a key domain that focuses on risk, which is ever-present in business and in the field of cybersecurity.
  • Domain 4: threat intelligence and incident management. This domain focuses on running a threat intelligence capability that strengthens incident response with actionable insights, so that faster and better decisions can be made about the threats and vulnerabilities that pose the greatest risk to the business.
  • Domain 5: contingency management. This is a key domain that centers on managing contingency operations and maintaining business continuity plans (BCPs), continuity of operations plans (COOPs) and disaster recovery plans.
  • Domain 6: law, ethics and security compliance management. This domain builds an in-depth understanding of the laws and regulations applicable to an organization, so that appropriate protective controls and ethical standards are employed, audited and validated to safeguard sensitive information and systems, and it stresses the implications of non-compliance.

As you can see, the ISC2 program offers a deep insight into key elements like risk and vulnerability management, incident management, contingency management, security compliance management and traditional practices of project management and SDLC management.


Pursue an ISSMP salary 

The ISSMP is one of the CISSP concentrations and centers on security management, budget, training and metrics. It is a credential intended for leadership roles, including chief information officer, chief information security officer, chief security officer and senior security executive. The certification can therefore serve as an effective stepping stone to top-level C-suite positions.

For those looking ahead in their career, the CISSP-ISSMP credential is a strong addition to any security manager’s resume, as documented proof of expertise and commitment to the profession. It also offers real potential for a better position and a better salary.

About the author

Daniel Brecht has been writing for the Web since 2007. His interests include computers, mobile devices and cyber security standards. He has enjoyed writing on a variety of topics ranging from cloud computing to application development, web development and e-commerce. Brecht has several years of experience as an Information Technician in the military and as an education counselor. He holds a graduate Certificate in Information Assurance and a Master of Science in Information Technology.