Period
to 21 October 2019

The following table provides summary statistics for permanent job vacancies with a requirement for CISM qualifications. Included is a benchmarking guide to the salaries offered over the 6 months to 21 October 2019 with a comparison to the same period in the previous 2 years.

ISACA Certified Information Security Manager (CISM)
UK
6 months to
21 Oct 2019
Same period 2018 Same period 2017
Rank 344 348 328
Rank change year-on-year +4 -20 +1
Permanent jobs citing CISM 1,272 1,538 1,799
As % of all permanent IT jobs advertised in the UK 0.93% 0.94% 1.03%
As % of the Qualifications category 4.03% 3.96% 4.23%
Number of salaries quoted 1,011 1,122 1,405
UK median annual salary £65,000 £65,000 £64,000
Median salary % change year-on-year - +1.56% -1.54%
10th Percentile £42,500 £42,500 £42,500
90th Percentile £95,000 £95,000 £91,250
UK excluding London median annual salary £60,000 £60,000 £55,000
% change year-on-year - +9.09% -8.33%

CISM is in the Academic Qualifications and Professional Certifications category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for academic qualifications or professional certifications.

All Academic and Professional Certifications
UK
Permanent vacancies requiring academic qualifications or professional certifications 31,584 38,793 42,519
As % of all permanent IT jobs advertised in the UK 23.06% 23.72% 24.40%
Number of salaries quoted 23,072 28,759 32,642
UK median annual salary £50,000 £50,000 £47,000
Median salary % change year-on-year - +6.38% +4.44%
10th Percentile £27,000 £26,250 £26,000
90th Percentile £82,500 £80,000 £77,500
UK excluding London median annual salary £45,000 £45,000 £42,500
% change year-on-year - +5.88% -

CISM
Job Vacancy Trend

Job postings citing CISM as a percentage of all IT jobs advertised.

Job vacancy trend for CISM in the UK

CISM
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing CISM.

Salary trend for CISM in the UK

CISM
Salary Histogram

The salary distribution of IT jobs citing CISM over the 6 months to 21 October 2019.

Salary histogram for CISM in the UK

CISM
Top 16 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing CISM within the UK over the 6 months to 21 October 2019. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +15 1,189 £65,000 - 136
UK excluding London +3 715 £60,000 - 83
London +13 520 £75,942 +1.26% 60
South East -31 205 £65,000 +8.33% 17
North of England +4 160 £56,611 +5.32% 23
Midlands +71 159 £51,750 -10.00% 19
West Midlands +40 113 £52,500 -7.89% 13
North West +46 85 £56,611 +13.22% 11
South West +35 74 £58,500 +6.36% 12
Yorkshire 0 67 £58,500 +11.43% 10
East of England -27 67 £65,000 -7.14% 5
East Midlands +67 46 £47,500 -28.84% 6
Scotland +22 41 £58,500 +17.00% 4
Wales +5 8 £39,000 +1.80% 3
North East +7 6 £49,750 -19.01% 2
Northern Ireland - 1 £65,000 -

For the 6 months to 21 October 2019, IT jobs citing CISM also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for CISM.

1 1,223 (96.15%) CISSP
2 884 (69.50%) Information Security
3 678 (53.30%) ISO/IEC 27001
4 665 (52.28%) Cybersecurity
5 474 (37.26%) CISA
6 370 (29.09%) Degree
7 327 (25.71%) Risk Management
8 309 (24.29%) NIST
9 294 (23.11%) Finance
10 276 (21.70%) Security Architecture
11 273 (21.46%) SIEM
12 266 (20.91%) PCI DSS
13 258 (20.28%) Management Information System
14 239 (18.79%) GDPR
15 190 (14.94%) ITIL
16 188 (14.78%) Agile Software Development
17 181 (14.23%) Security Operations
18 171 (13.44%) CRISC
19 168 (13.21%) Vulnerability Management
20 166 (13.05%) Firewall
21 165 (12.97%) Security Management
22 154 (12.11%) Data Protection
23 150 (11.79%) Penetration Testing
24 145 (11.40%) Stakeholder Management
25 138 (10.85%) TOGAF
26 131 (10.30%) CEH
27 130 (10.22%) Azure
28 124 (9.75%) Retail
29 122 (9.59%) SABSA
30 118 (9.28%) CESG Certified Professional

CISM
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 52 (4.09%) IIS
2 11 (0.86%) SharePoint
3 2 (0.16%) BizTalk Server
4 1 (0.079%) CMS
4 1 (0.079%) Elasticsearch
4 1 (0.079%) MS Exchange
4 1 (0.079%) Skype for Business
Applications
1 39 (3.07%) Microsoft Excel
2 31 (2.44%) Microsoft PowerPoint
3 5 (0.39%) Microsoft Office
Business Applications
1 8 (0.63%) Sparx Enterprise Architect
Cloud Services
1 130 (10.22%) Azure
2 112 (8.81%) AWS
3 49 (3.85%) GCP
4 43 (3.38%) Cloud Computing
5 42 (3.30%) Office 365
6 22 (1.73%) PaaS
6 22 (1.73%) SaaS
7 20 (1.57%) IaaS
8 11 (0.86%) Azure Active Directory
9 8 (0.63%) Power Platform
10 4 (0.31%) Microsoft Flow
11 3 (0.24%) Mimecast
12 2 (0.16%) Serverless
13 1 (0.079%) Dynamics 365
13 1 (0.079%) IBM Cloud
Communications & Networking
1 166 (13.05%) Firewall
2 107 (8.41%) Network Security
3 36 (2.83%) LAN
4 31 (2.44%) HTTP
4 31 (2.44%) WAN
5 26 (2.04%) Internet
6 21 (1.65%) VPN
7 15 (1.18%) TCP/IP
8 13 (1.02%) Intrusion Detection
9 8 (0.63%) DNS
10 7 (0.55%) SAN
11 5 (0.39%) PPP
12 4 (0.31%) Kerberos
12 4 (0.31%) SSL
12 4 (0.31%) Wireless
13 3 (0.24%) SMTP
14 2 (0.16%) Broadband
14 2 (0.16%) Cisco IPT
14 2 (0.16%) WLAN
15 1 (0.079%) VLAN
Database & Business Intelligence
1 23 (1.81%) Big Data
2 5 (0.39%) Power BI
3 4 (0.31%) Geospatial Data
4 3 (0.24%) GIS
5 1 (0.079%) EDRMS
5 1 (0.079%) SAP HANA
5 1 (0.079%) SQL Server
Development Applications
1 3 (0.24%) Jenkins
2 2 (0.16%) AppScan
2 2 (0.16%) JIRA
2 2 (0.16%) SonarQube
2 2 (0.16%) Visual Studio
General
1 294 (23.11%) Finance
2 124 (9.75%) Retail
3 99 (7.78%) Public Sector
4 89 (7.00%) Banking
5 72 (5.66%) Legal
6 47 (3.69%) Law
7 23 (1.81%) Marketing
8 19 (1.49%) Aerospace
9 18 (1.42%) Telecoms
10 15 (1.18%) Manufacturing
11 14 (1.10%) Games
12 12 (0.94%) Investment Banking
13 10 (0.79%) Financial Institution
14 9 (0.71%) Multimedia
15 8 (0.63%) Billing
15 8 (0.63%) Military
16 6 (0.47%) Electronics
17 3 (0.24%) Advertising
17 3 (0.24%) Pharmaceutical
18 2 (0.16%) Local Government
Job Titles
1 259 (20.36%) Security Manager
2 184 (14.47%) Analyst
2 184 (14.47%) Consultant
3 177 (13.92%) Security Analyst
4 163 (12.81%) Security Consultant
5 147 (11.56%) Architect
6 143 (11.24%) Information Analyst
6 143 (11.24%) Information Security Analyst
6 143 (11.24%) Security Architect
7 140 (11.01%) Information Manager
8 139 (10.93%) Information Security Manager
9 90 (7.08%) Security Officer
10 74 (5.82%) Security Specialist
11 64 (5.03%) Information Security Officer
12 61 (4.80%) Security Engineer
13 60 (4.72%) Head of Security
14 58 (4.56%) Information Officer
15 54 (4.25%) Cybersecurity Consultant
16 52 (4.09%) Information Security Consultant
17 47 (3.69%) Cybersecurity Manager
Libraries, Frameworks & Software Standards
1 44 (3.46%) SailPoint
2 7 (0.55%) Web Services
3 6 (0.47%) SAML
4 3 (0.24%) .NET
5 2 (0.16%) D3.js
5 2 (0.16%) LDAP
5 2 (0.16%) OAuth
6 1 (0.079%) .NET Framework
6 1 (0.079%) CSS
6 1 (0.079%) HTML
6 1 (0.079%) Middleware
6 1 (0.079%) OpenID
6 1 (0.079%) Regular Expression
Miscellaneous
1 258 (20.28%) Management Information System
2 82 (6.45%) Analytical Skills
3 59 (4.64%) Cyberthreat
4 45 (3.54%) Security Operations Centre
5 40 (3.14%) Data Protection Act
6 33 (2.59%) Self-Motivation
7 30 (2.36%) Data Centre
8 29 (2.28%) CESG
9 24 (1.89%) BYOD
9 24 (1.89%) Cyberattack
10 19 (1.49%) PMI
11 18 (1.42%) Cyber Defence
12 17 (1.34%) Distributed Denial-of-Service
12 17 (1.34%) PKI
12 17 (1.34%) Social Media
13 9 (0.71%) Mobile Computing
14 8 (0.63%) Cloud Native
14 8 (0.63%) Hybrid Cloud
14 8 (0.63%) Learning Management System
14 8 (0.63%) Online Games
Operating Systems
1 78 (6.13%) Linux
2 74 (5.82%) Windows
3 26 (2.04%) Windows Server
4 9 (0.71%) Unix
5 2 (0.16%) Android
5 2 (0.16%) Apple iOS
5 2 (0.16%) Solaris
6 1 (0.079%) Mac OS
6 1 (0.079%) Mac OS X
6 1 (0.079%) Windows Server 2008
Processes & Methodologies
1 884 (69.50%) Information Security
2 665 (52.28%) Cybersecurity
3 327 (25.71%) Risk Management
4 276 (21.70%) Security Architecture
5 273 (21.46%) SIEM
6 190 (14.94%) ITIL
7 188 (14.78%) Agile Software Development
8 181 (14.23%) Security Operations
9 168 (13.21%) Vulnerability Management
10 165 (12.97%) Security Management
11 154 (12.11%) Data Protection
12 150 (11.79%) Penetration Testing
13 145 (11.40%) Stakeholder Management
14 138 (10.85%) TOGAF
15 122 (9.59%) SABSA
16 116 (9.12%) Identity Access Management
17 111 (8.73%) Information Assurance
18 103 (8.10%) ISMS
19 100 (7.86%) Risk Assessment
20 95 (7.47%) OWASP
Programming Languages
1 51 (4.01%) Python
2 33 (2.59%) Java
3 32 (2.52%) C++
4 15 (1.18%) PowerShell
5 14 (1.10%) C
6 10 (0.79%) Perl
6 10 (0.79%) SQL
7 7 (0.55%) PHP
8 5 (0.39%) Bash Shell
8 5 (0.39%) Bourne shell
8 5 (0.39%) C#
8 5 (0.39%) JavaScript
8 5 (0.39%) Korn
8 5 (0.39%) Ruby
9 4 (0.31%) Shell Script
10 3 (0.24%) Go
11 2 (0.16%) Scala
12 1 (0.079%) Objective-C
Qualifications
1 1,223 (96.15%) CISSP
2 474 (37.26%) CISA
3 370 (29.09%) Degree
4 171 (13.44%) CRISC
5 131 (10.30%) CEH
6 118 (9.28%) CESG Certified Professional
7 115 (9.04%) Security Cleared
8 111 (8.73%) Cisco Certification
9 95 (7.47%) GIAC
10 83 (6.53%) (ISC)2 CCSP
11 81 (6.37%) SC Cleared
12 70 (5.50%) SANS
13 52 (4.09%) IISP
13 52 (4.09%) SSCP
14 50 (3.93%) ISO 27001 Lead Auditor
15 41 (3.22%) CREST Certified
16 36 (2.83%) CISMP
17 34 (2.67%) ISO 27001 Lead Implementer
18 32 (2.52%) CompTIA Security+
19 30 (2.36%) CCSP
Quality Assurance & Compliance
1 678 (53.30%) ISO/IEC 27001
2 309 (24.29%) NIST
3 266 (20.91%) PCI DSS
4 239 (18.79%) GDPR
5 104 (8.18%) COBIT
6 84 (6.60%) Cyber Essentials
7 82 (6.45%) NCSC
8 71 (5.58%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
9 45 (3.54%) Sarbanes-Oxley
10 34 (2.67%) HMG Security Policy Framework
11 32 (2.52%) NIST 800
12 25 (1.97%) RMADS
13 20 (1.57%) Cyber Essentials PLUS
14 18 (1.42%) ISAE 3402
14 18 (1.42%) ISO/IEC 27005
15 17 (1.34%) ISO 9001
16 15 (1.18%) SLA
17 13 (1.02%) COSO
18 12 (0.94%) ISO 22301
19 10 (0.79%) ISO 31000
System Software
1 34 (2.67%) Active Directory
2 10 (0.79%) VMware Infrastructure
3 8 (0.63%) Docker
4 6 (0.47%) Hyper-V
5 4 (0.31%) Virtual Machines
6 2 (0.16%) ISA Server
7 1 (0.079%) ProxySG
Systems Management
1 49 (3.85%) Nessus
2 28 (2.20%) McAfee ePO
3 24 (1.89%) SCCM
4 8 (0.63%) Single Sign-On
5 7 (0.55%) Kubernetes
6 4 (0.31%) CASB
7 3 (0.24%) Computer Emergency Response Teams
7 3 (0.24%) QRadar
7 3 (0.24%) Terraform
8 2 (0.16%) IBM Guardium
8 2 (0.16%) Microsoft Intune
8 2 (0.16%) Trend Micro Deep Security
9 1 (0.079%) Host Intrusion Detection System
Vendors
1 94 (7.39%) Microsoft
2 50 (3.93%) Splunk
3 42 (3.30%) Cisco
4 40 (3.14%) McAfee
5 35 (2.75%) Google
6 33 (2.59%) Palo Alto
7 25 (1.97%) LogRhythm
7 25 (1.97%) SolarWinds
8 23 (1.81%) Aveksa
9 22 (1.73%) Qualys
10 21 (1.65%) Forcepoint
11 20 (1.57%) Symantec
12 18 (1.42%) CA
13 17 (1.34%) CA Agile Central
14 16 (1.26%) ServiceNow
15 15 (1.18%) Progress
16 12 (0.94%) CyberArk
16 12 (0.94%) VMware
17 11 (0.86%) CheckPoint
18 10 (0.79%) Oracle