Management, compliance & auditing

How to Break Into the Field of Security Risk Management

Stephen Moramarco
February 8, 2018 by
Stephen Moramarco

A career in risk management takes place along the front lines of the ongoing cyber war. You must be logical, analytical and level-headed in order to lead the way and keep your company secure.

What is Risk Management?

A security risk manager’s job is to identify and prioritize threats to a company’s well-being and protect its assets (i.e., networks, servers and data). This involves both creating, implementing and enforcing IT protocols that everyone must follow, such as password, encryption and firewall policies. A risk manager must also develop a security escalation procedure, do continual assessments and keep the entire team vigilant. As such, you must be a problem solver as well as a good communicator and leader.

How Do You Become a Risk Manager?

A bachelor’s degree is mandatory, and an MBA is highly desirable. An IT and/or security background is important. To get started, you might want to get a beginning certification such as Security+ or GSEC. Contract work in security is a good way to get your feet wet and gain experience. You may choose many paths, perhaps beginning as a security analyst or a database security engineer. As you move through the ranks, you will learn to develop risk management frameworks and how to oversee teams of people.

Risk management job titles include:

  • Security manager
  • IT risk & security specialist
  • Risk manager
  • Information security officer
  • CISO
  • Security Architect

What Are the Best Certifications for a Career in Risk Management?

It’s also highly desirable for risk managers to be certified as they move up the chain. Some of the top certifications in risk are:

Risk management careers in certain sectors may seek special certifications, such as Certified Professional in Healthcare Risk Management (CPHRM), administered by the American Hospital Association.

What Is the Average Salary of a Risk Manager?

Generally speaking, risk managers tend to be highly valued and highly paid. According to, a security risk manager starts with an average salary of $84,535. The average salary of a CISO is $160,845.

Is Risk Management a Good Career?

As with most careers, the answer is subjective. Generally speaking, those in risk and security enjoy generous salaries and report a high level of job satisfaction. But it does seem to come at a cost: the hours are usually very long and the stress is often high.


A career in risk management requires having good technical knowledge but also strong people skills. There are many different paths through auditing, forensics, consulting or web development. Information security is a growing field as new technology inevitably brings new vulnerabilities.


Stephen Moramarco
Stephen Moramarco

Stephen Moramarco is a freelance writer and consultant who lives in Los Angeles. He has written articles and worked with clients all over the world, including SecureGroup, LMG Security, Konvert Marketing, and Iorad.