Period
to 18 December 2018

The following table provides summary statistics for permanent job vacancies with a requirement for CISM qualifications. Included is a benchmarking guide to the salaries offered over the 6 months to 18 December 2018 with a comparison to the same period in the previous 2 years.

ISACA Certified Information Security Manager (CISM)
UK
6 months to
18 Dec 2018
Same period 2017 Same period 2016
Rank 337 327 317
Rank change year-on-year -10 -10 +116
Permanent jobs citing CISM 1,481 1,792 1,889
As % of all permanent IT jobs advertised in the UK 0.93% 1.00% 1.03%
As % of the Qualifications category 3.91% 4.18% 3.94%
Number of salaries quoted 1,043 1,352 1,475
UK median annual salary £65,000 £64,000 £65,000
Median salary % change year-on-year +1.56% -1.54% +8.33%
10th Percentile £41,250 £42,500 £41,250
90th Percentile £95,000 £95,000 £90,000
UK excluding London median annual salary £60,000 £55,000 £60,000
% change year-on-year +9.09% -8.33% +9.09%

CISM is in the Academic Qualifications and Professional Certifications category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for academic qualifications or professional certifications.

All Academic and Professional Certifications
UK
Permanent vacancies requiring academic qualifications or professional certifications 37,899 42,909 47,961
As % of all permanent IT jobs advertised in the UK 23.83% 23.95% 26.08%
Number of salaries quoted 27,744 33,026 38,279
UK median annual salary £50,000 £47,500 £45,000
Median salary % change year-on-year +5.26% +5.56% -
10th Percentile £26,250 £26,250 £26,250
90th Percentile £81,250 £77,500 £77,500
UK excluding London median annual salary £45,000 £42,500 £42,500
% change year-on-year +5.88% - +1.19%

CISM
Job Vacancy Trend

Job postings citing CISM as a percentage of all IT jobs advertised.

Job vacancy trend for CISM in the UK

CISM
Salary Trend

This chart provides the 3-month moving average for salaries quoted in permanent IT jobs citing CISM.

Salary trend for CISM in the UK

CISM
Salary Histogram

The salary distribution of IT jobs citing CISM over the 6 months to 18 December 2018.

Salary histogram for CISM in the UK

CISM
Top 15 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing CISM within the UK over the 6 months to 18 December 2018. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England -9 1,423 £65,000 +1.56% 191
UK excluding London +37 833 £60,000 +9.09% 110
London -67 602 £75,000 +7.14% 88
South East +3 275 £60,000 +3.45% 27
North of England -26 178 £55,000 +4.76% 31
East of England +92 146 £72,500 +26.09% 17
Midlands +41 109 £57,500 +9.52% 20
South West +59 94 £57,500 +9.00% 8
West Midlands +47 92 £52,500 - 12
North West -28 86 £60,000 +9.09% 17
Yorkshire +27 73 £47,500 -9.52% 10
Scotland +11 27 £55,000 -21.43% 4
North East -8 19 £61,427 -5.50% 4
East Midlands +27 14 £62,500 +21.95% 8
Wales +6 4 £36,412 -11.73% 2

For the 6 months to 18 December 2018, IT jobs citing CISM also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for CISM.

1 1,397 (94.33%) CISSP
2 1,105 (74.61%) Information Security
3 726 (49.02%) ISO/IEC 27001
4 699 (47.20%) CISA
5 695 (46.93%) Cybersecurity
6 458 (30.93%) Risk Management
7 364 (24.58%) Finance
8 349 (23.57%) PCI DSS
9 322 (21.74%) SIEM
10 321 (21.67%) GDPR
11 300 (20.26%) Management Information System
12 257 (17.35%) CRISC
13 254 (17.15%) CEH
14 241 (16.27%) Data Protection
15 235 (15.87%) ITIL
16 233 (15.73%) Firewall
16 233 (15.73%) Degree
17 229 (15.46%) Security Architecture
18 228 (15.40%) Penetration Testing
19 197 (13.30%) Windows
20 192 (12.96%) SANS
21 182 (12.29%) Stakeholder Management
22 180 (12.15%) Linux
23 177 (11.95%) Vulnerability Management
24 174 (11.75%) Agile Software Development
25 171 (11.55%) Security Management
26 164 (11.07%) GIAC
27 162 (10.94%) SSCP
27 162 (10.94%) Security Operations
28 137 (9.25%) Identity Access Management

CISM
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 21 (1.42%) SharePoint
2 19 (1.28%) ExpressionEngine
2 19 (1.28%) WordPress
3 16 (1.08%) IIS
4 8 (0.54%) Apache
4 8 (0.54%) Confluence
5 5 (0.34%) MS Exchange
6 3 (0.20%) OpenStack
7 2 (0.14%) JBoss
7 2 (0.14%) Tomcat
7 2 (0.14%) WebLogic
8 1 (0.068%) SAS
8 1 (0.068%) SharePoint 2013
8 1 (0.068%) Skype for Business
Applications
1 16 (1.08%) Microsoft Office
2 10 (0.68%) MS Visio
3 3 (0.20%) Microsoft Excel
4 2 (0.14%) Microsoft PowerPoint
5 1 (0.068%) Microsoft Project
5 1 (0.068%) Spreadsheet
Business Applications
1 10 (0.68%) SAP GRC
2 5 (0.34%) assyst
3 4 (0.27%) Infor M3
4 3 (0.20%) Sentinel
5 2 (0.14%) SAP HR
6 1 (0.068%) Oracle Applications
6 1 (0.068%) SAP ERP
Cloud Services
1 116 (7.83%) Microsoft Azure
2 110 (7.43%) Amazon AWS
3 53 (3.58%) Office 365
4 42 (2.84%) SaaS
5 29 (1.96%) IaaS
6 13 (0.88%) Google Cloud Platform
7 11 (0.74%) PaaS
8 10 (0.68%) Mimecast
9 8 (0.54%) Cloud Computing
10 3 (0.20%) GitHub
11 2 (0.14%) OneDrive
11 2 (0.14%) Yammer
12 1 (0.068%) Amazon CloudWatch
12 1 (0.068%) Amazon EC2
12 1 (0.068%) Amazon S3
12 1 (0.068%) AWS CloudFormation
12 1 (0.068%) AWS CloudTrail
12 1 (0.068%) CloudFront
12 1 (0.068%) Dropbox
12 1 (0.068%) Virtual Private Cloud
Communications & Networking
1 233 (15.73%) Firewall
2 122 (8.24%) Network Security
3 61 (4.12%) Intrusion Detection
4 57 (3.85%) Internet
5 40 (2.70%) TCP/IP
6 30 (2.03%) VPN
7 26 (1.76%) WAN
8 23 (1.55%) LAN
9 22 (1.49%) IPsec
10 21 (1.42%) DNS
11 20 (1.35%) HTTP
12 19 (1.28%) SCCP
13 15 (1.01%) Wireless
14 14 (0.95%) Broadband
14 14 (0.95%) DMZ
15 12 (0.81%) BGP
15 12 (0.81%) Cisco Nexus
15 12 (0.81%) EIGRP
16 10 (0.68%) DKIM
16 10 (0.68%) DMARC
Database & Business Intelligence
1 43 (2.90%) Big Data
2 19 (1.28%) MongoDB
3 13 (0.88%) Geospatial Data
4 10 (0.68%) Hadoop
4 10 (0.68%) SQL Server
5 9 (0.61%) DB2
6 5 (0.34%) GIS
7 3 (0.20%) Data Mining
7 3 (0.20%) MySQL
8 1 (0.068%) Amazon RDS
8 1 (0.068%) BusinessObjects
8 1 (0.068%) Data Lake
8 1 (0.068%) Data Warehouse
8 1 (0.068%) Oracle Database
8 1 (0.068%) PostgreSQL
8 1 (0.068%) QlikView
Development Applications
1 15 (1.01%) Metasploit
2 8 (0.54%) AppScan
2 8 (0.54%) JIRA
3 3 (0.20%) Git (software)
4 1 (0.068%) Ant
4 1 (0.068%) Burp Suite
4 1 (0.068%) Paros
4 1 (0.068%) SonarQube
General
1 364 (24.58%) Finance
2 107 (7.22%) Legal
3 106 (7.16%) Banking
4 72 (4.86%) Retail
5 45 (3.04%) Telecoms
6 31 (2.09%) Investment Banking
7 27 (1.82%) Law
8 24 (1.62%) Marketing
9 22 (1.49%) Publishing
10 21 (1.42%) Manufacturing
11 12 (0.81%) Local Government
12 8 (0.54%) Financial Institution
13 6 (0.41%) Games
14 5 (0.34%) Electronics
14 5 (0.34%) Pharmaceutical
15 4 (0.27%) Advertising
16 3 (0.20%) Aerospace
16 3 (0.20%) Retail Banking
17 2 (0.14%) Front Office
18 1 (0.068%) Back Office
Job Titles
1 346 (23.36%) Security Manager
2 272 (18.37%) Analyst
3 226 (15.26%) Security Analyst
4 196 (13.23%) Consultant
5 195 (13.17%) Information Manager
6 187 (12.63%) Information Security Manager
7 167 (11.28%) Security Consultant
8 134 (9.05%) Architect
9 133 (8.98%) Information Analyst
10 132 (8.91%) Security Architect
11 131 (8.85%) Information Security Analyst
12 128 (8.64%) Security Engineer
13 112 (7.56%) Security Officer
14 91 (6.14%) Head of Security
15 84 (5.67%) Cybersecurity Consultant
15 84 (5.67%) Information Security Officer
16 82 (5.54%) Information Officer
17 68 (4.59%) IT Manager
17 68 (4.59%) Senior Analyst
18 62 (4.19%) Senior Security Analyst
Libraries, Frameworks & Software Standards
1 24 (1.62%) SailPoint
2 23 (1.55%) Elastic Stack
3 22 (1.49%) .NET
4 19 (1.28%) Node.js
5 18 (1.22%) Web Services
6 10 (0.68%) REST
7 9 (0.61%) LDAP
8 8 (0.54%) SAML
9 7 (0.47%) Middleware
10 6 (0.41%) Spring
11 5 (0.34%) LAMP
11 5 (0.34%) ModSecurity
11 5 (0.34%) OAuth
12 4 (0.27%) ASP.NET
13 3 (0.20%) JSON
13 3 (0.20%) Protocol Buffers
13 3 (0.20%) RESTful
13 3 (0.20%) XML
14 2 (0.14%) 802.1X
14 2 (0.14%) SAP Basis
Miscellaneous
1 300 (20.26%) Management Information System
2 129 (8.71%) Analytical Skills
3 91 (6.14%) Security Operations Centre
4 81 (5.47%) Data Protection Act
5 69 (4.66%) PKI
6 58 (3.92%) Self-Motivation
7 55 (3.71%) Data Centre
8 37 (2.50%) Cyberattack
9 32 (2.16%) CESG
10 31 (2.09%) Distributed Denial-of-Service
11 26 (1.76%) Cyberthreat
12 20 (1.35%) Fintech
13 18 (1.22%) Cyber Kill Chain
14 16 (1.08%) Cybercrime
14 16 (1.08%) Public Cloud
15 14 (0.95%) Enterprise Software
16 13 (0.88%) Algorithms
17 12 (0.81%) Internet of Things
18 11 (0.74%) Hybrid Cloud
19 10 (0.68%) NHS
Operating Systems
1 197 (13.30%) Windows
2 180 (12.15%) Linux
3 96 (6.48%) Unix
4 33 (2.23%) Windows Server
5 15 (1.01%) Kali Linux
6 12 (0.81%) Red Hat Enterprise Linux
7 10 (0.68%) Android
7 10 (0.68%) Apple iOS
8 9 (0.61%) CentOS
9 8 (0.54%) Debian
10 5 (0.34%) AIX
10 5 (0.34%) HPUX
11 4 (0.27%) Windows Server 2003
11 4 (0.27%) Windows Server 2008
11 4 (0.27%) Windows Server 2012
11 4 (0.27%) Windows XP
12 1 (0.068%) Mac OS
12 1 (0.068%) VMS
Processes & Methodologies
1 1,105 (74.61%) Information Security
2 695 (46.93%) Cybersecurity
3 458 (30.93%) Risk Management
4 322 (21.74%) SIEM
5 241 (16.27%) Data Protection
6 235 (15.87%) ITIL
7 229 (15.46%) Security Architecture
8 228 (15.40%) Penetration Testing
9 182 (12.29%) Stakeholder Management
10 177 (11.95%) Vulnerability Management
11 174 (11.75%) Agile Software Development
12 171 (11.55%) Security Management
13 162 (10.94%) Security Operations
14 137 (9.25%) Identity Access Management
15 136 (9.18%) Information Security Management
16 129 (8.71%) Continuous Improvement
17 116 (7.83%) ISMS
18 109 (7.36%) Problem-Solving
19 105 (7.09%) OWASP
20 104 (7.02%) Incident Management
Programming Languages
1 25 (1.69%) C
1 25 (1.69%) Java
2 21 (1.42%) Python
3 20 (1.35%) PHP
4 18 (1.22%) Perl
5 16 (1.08%) Ruby
6 15 (1.01%) Go
7 10 (0.68%) C#
7 10 (0.68%) C++
8 8 (0.54%) PowerShell
8 8 (0.54%) VB
9 5 (0.34%) Shell Script
10 4 (0.27%) Bash Shell
10 4 (0.27%) SQL
11 3 (0.20%) VBScript
12 1 (0.068%) JavaScript
12 1 (0.068%) Scala
Qualifications
1 1,397 (94.33%) CISSP
2 699 (47.20%) CISA
3 257 (17.35%) CRISC
4 254 (17.15%) CEH
5 233 (15.73%) Degree
6 192 (12.96%) SANS
7 164 (11.07%) GIAC
8 162 (10.94%) SSCP
9 128 (8.64%) Cisco Certification
10 100 (6.75%) Security Cleared
11 96 (6.48%) CompTIA Security+
12 72 (4.86%) (ISC)2 CCSP
13 69 (4.66%) CESG Certified Professional
14 59 (3.98%) SC Cleared
15 58 (3.92%) CISMP
15 58 (3.92%) CSSLP
16 53 (3.58%) CREST Certified
17 48 (3.24%) Computer Science Degree
17 48 (3.24%) ISO 27001 Lead Auditor
18 47 (3.17%) CCSP
Quality Assurance & Compliance
1 726 (49.02%) ISO/IEC 27001
2 349 (23.57%) PCI DSS
3 321 (21.67%) GDPR
4 106 (7.16%) Cyber Essentials
5 95 (6.41%) COBIT
6 61 (4.12%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
7 32 (2.16%) Sarbanes-Oxley
8 31 (2.09%) Cyber Essentials PLUS
8 31 (2.09%) HMG Security Policy Framework
9 27 (1.82%) ISO 22301
10 26 (1.76%) QA
11 23 (1.55%) MiFID
12 18 (1.22%) ISO/IEC 27005
13 17 (1.15%) NIST 800
14 14 (0.95%) HIPAA
15 11 (0.74%) ISAE 3402
16 8 (0.54%) ISO/IEC 20000
16 8 (0.54%) RMADS
17 6 (0.41%) COSO
17 6 (0.41%) ISO 9001
System Software
1 31 (2.09%) Active Directory
2 24 (1.62%) Snort
3 11 (0.74%) VMware Infrastructure
4 10 (0.68%) Hyper-V
5 6 (0.41%) Docker
5 6 (0.41%) vSphere
6 3 (0.20%) Virtual Machines
7 2 (0.14%) NDS
8 1 (0.068%) ProxySG
8 1 (0.068%) VMware NSX
Systems Management
1 46 (3.11%) Nessus
2 25 (1.69%) OSSEC
3 17 (1.15%) SCCM
3 17 (1.15%) Single Sign-On
4 14 (0.95%) CASB
4 14 (0.95%) Nmap
4 14 (0.95%) QRadar
5 13 (0.88%) CSIRT
6 12 (0.81%) McAfee ePO
7 9 (0.61%) HP Fortify
8 7 (0.47%) Ansible
8 7 (0.47%) Nexpose
9 6 (0.41%) Core Impact
9 6 (0.41%) OpenVAS
9 6 (0.41%) RSA Archer
10 5 (0.34%) IBM BigFix
10 5 (0.34%) Norton AntiVirus
10 5 (0.34%) WSUS
11 3 (0.20%) Kubernetes
12 2 (0.14%) WebInspect
Vendors
1 98 (6.62%) Microsoft
2 77 (5.20%) Symantec
3 50 (3.38%) Sophos
4 49 (3.31%) LogRhythm
5 45 (3.04%) Splunk
6 44 (2.97%) Oracle
7 41 (2.77%) Cisco
8 32 (2.16%) Qualys
9 26 (1.76%) CheckPoint
10 23 (1.55%) VMware
11 22 (1.49%) Blue Coat
11 22 (1.49%) McAfee
12 21 (1.42%) Palo Alto
13 19 (1.28%) SAP
14 18 (1.22%) Aveksa
15 15 (1.01%) ArcSight
15 15 (1.01%) IBM
16 14 (0.95%) Google
16 14 (0.95%) Juniper
17 13 (0.88%) Forcepoint