Period
to 29 March 2020

The following table provides summary statistics for permanent job vacancies with a requirement for CISM qualifications. Included is a benchmarking guide to the salaries offered over the 6 months to 29 March 2020 with a comparison to the same period in the previous 2 years.

ISACA Certified Information Security Manager (CISM)
UK
6 months to
29 Mar 2020
Same period 2019 Same period 2018
Rank 313 357 332
Rank change year-on-year +44 -25 -21
Permanent jobs citing CISM 1,143 1,327 1,682
As % of all permanent jobs advertised in the UK 0.96% 0.89% 0.96%
As % of the Qualifications category 4.48% 3.63% 4.02%
Number of salaries quoted 944 973 1,367
Median annual salary £62,500 £65,000 £65,000
Median salary % change year-on-year -3.85% - -
10th Percentile £43,750 £42,500 £45,000
90th Percentile £90,000 £99,100 £97,500
UK excluding London median annual salary £60,000 £60,000 £58,000
% change year-on-year - +3.45% +5.45%

CISM is in the Academic Qualifications and Professional Certifications category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for academic qualifications or professional certifications.

All Academic and Professional Certifications
UK
Permanent vacancies requiring academic qualifications or professional certifications 25,526 36,587 41,830
As % of all permanent IT jobs advertised in the UK 21.50% 24.51% 23.75%
Number of salaries quoted 18,782 26,486 32,270
Median annual salary £50,000 £50,000 £47,500
Median salary % change year-on-year - +5.26% +5.56%
10th Percentile £27,500 £26,714 £26,250
90th Percentile £82,500 £81,250 £80,000
UK excluding London median annual salary £46,500 £45,000 £42,500
% change year-on-year +3.33% +5.88% +1.80%

CISM
Job Vacancy Trend

Job postings citing CISM as a proportion of all IT jobs advertised.

Job vacancy trend for CISM in the UK

CISM
Salary Trend

3-month moving average salary quoted in jobs citing CISM.

Salary trend for CISM in the UK

CISM
Salary Histogram

Salary distribution for jobs citing CISM over the 6 months to 29 March 2020.

Salary histogram for CISM in the UK

CISM
Top 17 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing CISM within the UK over the 6 months to 29 March 2020. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +40 1,049 £63,000 -3.08% 77
UK excluding London +19 626 £60,000 - 54
London +50 481 £67,500 -10.00% 29
South East +38 199 £65,000 +8.33% 13
North of England +9 136 £56,611 -5.65% 19
Midlands +72 129 £55,000 -4.35% 5
West Midlands +70 106 £55,000 -4.35% 4
South West +12 78 £57,500 -2.13% 6
North West +15 69 £55,000 -16.89% 9
Work from Home -8 68 £62,500 -9.98% 2
Yorkshire +17 65 £57,500 +4.55% 9
Scotland +63 44 £55,000 +8.91% 5
East of England +6 31 £65,000 +8.33% 5
East Midlands +22 21 £60,000 -4.00% 1
Wales -8 12 £57,500 -17.86% 1
North East 0 2 £70,000 +5.38% 1
Northern Ireland - 2 £50,000 -

For the 6 months to 29 March 2020, IT jobs citing CISM also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for CISM.

1 1,071 (93.70%) CISSP
2 847 (74.10%) Information Security
3 690 (60.37%) Cybersecurity
4 558 (48.82%) ISO/IEC 27001
5 394 (34.47%) CISA
6 351 (30.71%) Risk Management
7 309 (27.03%) Finance
8 249 (21.78%) GDPR
9 243 (21.26%) Firewall
10 232 (20.30%) Management Information System
11 216 (18.90%) Degree
12 211 (18.46%) NIST
13 204 (17.85%) SIEM
14 201 (17.59%) PCI DSS
15 188 (16.45%) Security Management
16 173 (15.14%) Cisco Certification
17 171 (14.96%) Data Protection
17 171 (14.96%) Penetration Testing
17 171 (14.96%) CRISC
18 156 (13.65%) Security Cleared
19 153 (13.39%) Security Architecture
20 143 (12.51%) Agile Software Development
20 143 (12.51%) Security Operations
21 141 (12.34%) CESG Certified Professional
22 135 (11.81%) Risk Assessment
23 127 (11.11%) Legal
23 127 (11.11%) Azure
24 126 (11.02%) CEH
25 121 (10.59%) Information Security Management
25 121 (10.59%) ITIL

CISM
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 69 (6.04%) IIS
2 9 (0.79%) SharePoint
3 3 (0.26%) MS Exchange
4 1 (0.087%) Apache
4 1 (0.087%) Confluence
4 1 (0.087%) Elasticsearch
4 1 (0.087%) JBoss
4 1 (0.087%) Tomcat
4 1 (0.087%) WebLogic
4 1 (0.087%) WebSphere
Applications
1 21 (1.84%) Microsoft Excel
2 18 (1.57%) Microsoft PowerPoint
3 10 (0.87%) Microsoft Office
4 4 (0.35%) MS Visio
5 1 (0.087%) Microsoft Project
Business Applications
1 4 (0.35%) Sentinel
2 2 (0.17%) Dynamics CRM
2 2 (0.17%) Dynamics NAV
3 1 (0.087%) Sparx Enterprise Architect
Cloud Services
1 127 (11.11%) Azure
2 90 (7.87%) AWS
3 59 (5.16%) Office 365
4 38 (3.32%) PaaS
5 36 (3.15%) IaaS
6 26 (2.27%) Cloud Computing
7 20 (1.75%) SaaS
8 14 (1.22%) Azure Active Directory
8 14 (1.22%) GCP
9 12 (1.05%) Serverless
10 10 (0.87%) G Suite
10 10 (0.87%) Mimecast
11 5 (0.44%) Power Platform
11 5 (0.44%) PowerApps
12 2 (0.17%) Dynamics 365
13 1 (0.087%) AWS CloudFormation
13 1 (0.087%) AWS CodeDeploy
Communications & Networking
1 243 (21.26%) Firewall
2 100 (8.75%) Network Security
3 81 (7.09%) Intrusion Detection
4 49 (4.29%) Internet
5 31 (2.71%) TCP/IP
6 29 (2.54%) LAN
7 27 (2.36%) DNS
8 26 (2.27%) WAN
9 21 (1.84%) VPN
10 18 (1.57%) SAN
11 16 (1.40%) DHCP
12 12 (1.05%) Wireshark
13 10 (0.87%) HTTP
13 10 (0.87%) SMTP
14 9 (0.79%) Wi-Fi
15 8 (0.70%) PPP
16 7 (0.61%) Broadband
16 7 (0.61%) Cisco ASA
16 7 (0.61%) NAS
16 7 (0.61%) SNMP
Database & Business Intelligence
1 8 (0.70%) SQL Server
2 6 (0.52%) Big Data
3 5 (0.44%) Power BI
4 2 (0.17%) Maltego
5 1 (0.087%) Data Warehouse
5 1 (0.087%) GIS
5 1 (0.087%) Informix
Development Applications
1 10 (0.87%) Burp Suite
1 10 (0.87%) Metasploit
2 7 (0.61%) WinDbg
3 2 (0.17%) JIRA
4 1 (0.087%) AppScan
4 1 (0.087%) Jenkins
4 1 (0.087%) Snyk
4 1 (0.087%) SonarQube
4 1 (0.087%) Sonatype Nexus
4 1 (0.087%) Team Foundation Server
General
1 309 (27.03%) Finance
2 127 (11.11%) Legal
3 78 (6.82%) Law
3 78 (6.82%) Public Sector
4 42 (3.67%) Retail
5 30 (2.62%) Banking
6 27 (2.36%) Marketing
7 21 (1.84%) Telecoms
8 19 (1.66%) Aerospace
9 11 (0.96%) Manufacturing
10 10 (0.87%) Advertising
10 10 (0.87%) Military
11 8 (0.70%) Electronics
12 7 (0.61%) Financial Institution
13 6 (0.52%) Games
14 4 (0.35%) Investment Banking
14 4 (0.35%) Local Government
15 3 (0.26%) Back Office
15 3 (0.26%) Police
15 3 (0.26%) Retail Banking
Job Titles
1 255 (22.31%) Security Manager
2 211 (18.46%) Analyst
3 173 (15.14%) Information Security Manager
4 170 (14.87%) Information Manager
4 170 (14.87%) Security Analyst
5 165 (14.44%) Consultant
6 153 (13.39%) Security Consultant
7 107 (9.36%) Security Engineer
8 102 (8.92%) Information Analyst
8 102 (8.92%) Information Security Analyst
9 81 (7.09%) Architect
10 80 (7.00%) Security Architect
11 78 (6.82%) Cybersecurity Consultant
12 71 (6.21%) Security Specialist
13 51 (4.46%) Security Officer
14 43 (3.76%) Senior Analyst
15 41 (3.59%) IT Manager
16 40 (3.50%) Head of Security
17 39 (3.41%) Information Security Consultant
18 38 (3.32%) IT Security Manager
Libraries, Frameworks & Software Standards
1 29 (2.54%) SailPoint
2 11 (0.96%) Middleware
3 7 (0.61%) ModSecurity
3 7 (0.61%) Regular Expression
3 7 (0.61%) RESTful
4 5 (0.44%) Web Services
5 2 (0.17%) .NET
5 2 (0.17%) LDAP
5 2 (0.17%) TensorFlow
6 1 (0.087%) D3.js
6 1 (0.087%) OAuth
6 1 (0.087%) OAuth2
6 1 (0.087%) OpenID
6 1 (0.087%) XACML
Miscellaneous
1 232 (20.30%) Management Information System
2 77 (6.74%) Analytical Skills
3 49 (4.29%) Self-Motivation
4 46 (4.02%) Cyberthreat
5 36 (3.15%) Data Protection Act
6 31 (2.71%) Cyberattack
7 29 (2.54%) Security Operations Centre
8 26 (2.27%) Data Centre
9 22 (1.92%) Cyber Defence
9 22 (1.92%) User Experience
10 18 (1.57%) Public Cloud
11 16 (1.40%) CESG
12 13 (1.14%) Enterprise Software
13 12 (1.05%) Reinsurance
14 9 (0.79%) BYOD
14 9 (0.79%) Distributed Denial-of-Service
14 9 (0.79%) Greenfield Project
14 9 (0.79%) Mobile Computing
14 9 (0.79%) SWIFT
15 8 (0.70%) Smart Energy
Operating Systems
1 95 (8.31%) Linux
2 81 (7.09%) Windows
3 29 (2.54%) Unix
4 20 (1.75%) Windows Server
5 13 (1.14%) Windows Server 2012
6 6 (0.52%) Kali Linux
6 6 (0.52%) Windows 10
7 4 (0.35%) Windows 7
7 4 (0.35%) Windows Server 2008
8 2 (0.17%) Apple iOS
8 2 (0.17%) Windows Server 2016
9 1 (0.087%) Android
Processes & Methodologies
1 847 (74.10%) Information Security
2 690 (60.37%) Cybersecurity
3 351 (30.71%) Risk Management
4 204 (17.85%) SIEM
5 188 (16.45%) Security Management
6 171 (14.96%) Data Protection
6 171 (14.96%) Penetration Testing
7 153 (13.39%) Security Architecture
8 143 (12.51%) Agile Software Development
8 143 (12.51%) Security Operations
9 135 (11.81%) Risk Assessment
10 121 (10.59%) Information Security Management
10 121 (10.59%) ITIL
11 117 (10.24%) Information Assurance
12 106 (9.27%) Vulnerability Management
13 104 (9.10%) ISMS
14 100 (8.75%) Stakeholder Management
15 98 (8.57%) Threat Intelligence
16 79 (6.91%) TOGAF
17 76 (6.65%) Cyber Threat Intelligence
Programming Languages
1 47 (4.11%) Python
2 33 (2.89%) PowerShell
3 31 (2.71%) C
4 30 (2.62%) SQL
5 29 (2.54%) Perl
6 26 (2.27%) Bash Shell
7 23 (2.01%) Java
8 7 (0.61%) C#
8 7 (0.61%) C++
8 7 (0.61%) Ruby
8 7 (0.61%) VBScript
9 2 (0.17%) Go
9 2 (0.17%) Julia
9 2 (0.17%) MATLAB
9 2 (0.17%) R
9 2 (0.17%) Scala
Qualifications
1 1,071 (93.70%) CISSP
2 394 (34.47%) CISA
3 216 (18.90%) Degree
4 173 (15.14%) Cisco Certification
5 171 (14.96%) CRISC
6 156 (13.65%) Security Cleared
7 141 (12.34%) CESG Certified Professional
8 126 (11.02%) CEH
9 111 (9.71%) SC Cleared
10 106 (9.27%) (ISC)2 CCSP
11 74 (6.47%) IISP
12 73 (6.39%) SANS
13 57 (4.99%) GIAC
14 53 (4.64%) CCSP
15 50 (4.37%) CISMP
16 49 (4.29%) CCNP
17 42 (3.67%) ISO 27001 Lead Auditor
18 41 (3.59%) ISO 27001 Lead Implementer
19 38 (3.32%) CompTIA Security+
19 38 (3.32%) SSCP
Quality Assurance & Compliance
1 558 (48.82%) ISO/IEC 27001
2 249 (21.78%) GDPR
3 211 (18.46%) NIST
4 201 (17.59%) PCI DSS
5 108 (9.45%) Cyber Essentials
6 105 (9.19%) NCSC
7 66 (5.77%) COBIT
8 46 (4.02%) Sarbanes-Oxley
9 42 (3.67%) HMG Security Policy Framework
10 40 (3.50%) QA
11 35 (3.06%) SLA
12 31 (2.71%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
12 31 (2.71%) JSP 440
13 28 (2.45%) NIST 800
14 25 (2.19%) RMADS
15 24 (2.10%) Cyber Essentials PLUS
16 17 (1.49%) HIPAA
17 16 (1.40%) ISO 9001
18 15 (1.31%) ISO 22301
19 12 (1.05%) ISO/IEC 27005
System Software
1 55 (4.81%) Active Directory
2 15 (1.31%) VMware Infrastructure
3 9 (0.79%) Hyper-V
4 2 (0.17%) Virtual Machines
5 1 (0.087%) ACF2
5 1 (0.087%) Docker
5 1 (0.087%) Snort
Systems Management
1 48 (4.20%) Nessus
2 12 (1.05%) Nmap
2 12 (1.05%) QRadar
3 7 (0.61%) SCCM
4 6 (0.52%) CASB
4 6 (0.52%) McAfee ePO
5 5 (0.44%) WSUS
6 4 (0.35%) CSIRT
7 3 (0.26%) IBM Guardium
7 3 (0.26%) Microsoft Intune
7 3 (0.26%) OSSEC
7 3 (0.26%) Single Sign-On
7 3 (0.26%) Terraform
8 2 (0.17%) Ansible
8 2 (0.17%) Computer Emergency Response Teams
8 2 (0.17%) Host Intrusion Detection System
8 2 (0.17%) HP Fortify
9 1 (0.087%) Computer Incident Response Team
9 1 (0.087%) OpenVAS
9 1 (0.087%) Puppet
Vendors
1 86 (7.52%) Microsoft
2 58 (5.07%) Splunk
3 46 (4.02%) Cisco
4 33 (2.89%) Qualys
5 28 (2.45%) Aveksa
6 26 (2.27%) ArcSight
6 26 (2.27%) CyberArk
6 26 (2.27%) Sun
7 19 (1.66%) McAfee
7 19 (1.66%) Palo Alto
8 18 (1.57%) LogRhythm
9 17 (1.49%) VMware
10 14 (1.22%) CheckPoint
10 14 (1.22%) Meraki
11 12 (1.05%) Capita
11 12 (1.05%) Dell
11 12 (1.05%) HP
11 12 (1.05%) Intel
12 11 (0.96%) Citrix
13 10 (0.87%) Apple