
DoD RMF and Security Risk Management Salaries in 2018

December 7, 2017 by Stephen Moramarco


As technology continues to innovate and evolve, so do its security risks. A career in security risk management, therefore, involves continuous learning and the ability to stay one step ahead of hackers, thieves, and enemies of the state. Security risk management can be a rewarding career, with the top corporate position often being Chief Information Security Officer (CISO). Within the Department of Defense, security managers are essential for helping implement the new Risk Management Framework (RMF), a crucial update in the way threats to the United States are assessed and mitigated. In the public sector, there are many different career paths, from freelance analyst to ethical hacker, a primary goal being to keep data accessible and secure while identifying and reducing risk.


What is the average Risk Management salary by job role?

According to Payscale, security risk manager positions tend to pay quite well, with the lowest average salary in the upper $60,000s. The top credential associated with security risk management, CISO, averages $165,096.

| Position | Salary |
| --- | --- |
| Security Manager | $68,251 |
| Facility Security Officer (FSO) | $70,333 |
| Information Security Analyst | $73,590 |
| Security Director | $83,058 |
| Information Security Officer | $95,457 |
| Information Security Manager | $113,015 |
| Chief Information Security Officer | $165,096 |

What is the average Security Risk Management salary by city?

Risk managers living in New York City, a major technology/security hub, are duly compensated for the accompanying hike in cost of living. Our nation’s capital, Washington, D.C., is a distant second.

| City | Salary |
| --- | --- |
| New York, New York | $119,078 |
| Washington, District of Columbia | $101,561 |
| Chicago, Illinois | $97,409 |
| Boston, Massachusetts | $97,273 |
| Seattle, Washington | $96,139 |
| Dallas, Texas | $92,270 |
| Atlanta, Georgia | $85,993 |

What is the average Security Risk Management salary by experience?

Security risk management pays relatively little for those with less than five years of experience. However, once you’ve achieved that benchmark, the average pay increases dramatically.

| Number of years | Salary |
| --- | --- |
| Less than 1 year | $56,957 |
| 1-4 years | $64,866 |
| 5-9 years | $81,112 |
| 10-19 years | $102,835 |
| 20 years or more | $110,237 |

What are the benefits of becoming a Security Risk Manager?

Security risk management is a stable, growing career path and a vital part of nearly every organization. You will be working on the front lines of your company’s defense. If you are someone who likes to be continually challenged in a high-stakes environment, these types of jobs are for you.

Do I need certification to become a security risk manager?

Certifications, while not explicitly necessary in the private sector, are often used as criteria for many security risk management positions. Additionally, someone beginning a career in risk management can use them to enhance their resume.

In government, a number of different baseline certifications are accepted in the field of security risk management, often referred to as Information Assurance (IA). One certification that pops up in a number of DoD job descriptions is CISSP (Certified Information Systems Security Professional), issued by (ISC)².

CISSP certification can be daunting and challenging unless you have the proper preparation. Thankfully, InfoSec Institute has an award-winning seven-day CISSP Boot Camp that has a 94.7% success rate.


It’s always up to date, and available online live, with an exam pass guarantee. Online mentored and public classroom options are available as well. Are you ready to take your risk management career up to the next level? Sign up for the next Boot Camp now!

Stephen Moramarco

Stephen Moramarco is a freelance writer and consultant who lives in Los Angeles. He has written articles and worked with clients all over the world, including SecureGroup, LMG Security, Konvert Marketing, and Iorad.