The business information security officer (BISO) is an emerging role that acts as a liaison between an organization’s business units (BUs) or regions and its cybersecurity function. BISOs are familiar with the businesses they support and understand
the business’s overall strategic roadmap.
Organizations are increasingly adding a BISO type role to complement their security teams and embed security more into the business. For both CISOs who are considering adding such a role and for BISOs themselves, it can be useful to know where other companies
place this role in the org chart, what comp packages they offer and what key aspects of the job keep BISOs satisfied.
In this piece, we’re highlighting two data points from our BISO Benchmark report, which provides a snapshot of the BISO role including data on compensation, background, and job satisfaction.
This report compiles survey findings from our third annual CISO Compensation and Budget Study. Jointly fielded with Artico
Search, this report features objective data from over 550 CISOs (including a subset of BISOs) on job satisfaction, career development, the scope of their role and benchmarking data on soft-skill development
and mentorships.
READ: Does Your Business Need a BISO?
BISO Compensation Metrics
Our survey found that BISO cash compensation averages $320,000. Total compensation ranges from $160,000 to $600,000, with outliers exceeding $1 million (see Figure 1.1). Annual comp increases averages 14% - most of the increase goes toward the base
salary and equity award with a relatively low bonus of 5%. The overall increase is comparable to the average CISO pay rise of 15% (see Figure 1.2). On average, BISO compensation is 21% lower than that of CISOs.
Figure 1 - Key BISO Compensation Metrics
1.1 BISO Compensation Ranges
1.2 BISO's Total Compensation Increased by 14%
The BISO Role
Besides their compensation, BISOs provided survey responses on key aspects of the job including emotional satisfaction at work. Most BISOs are satisfied with their job; two-thirds of BISOs are overall satisfied. In comparison, one in five BISOs are not
strongly satisfied in their role.
However, BISOs’ satisfaction with their career development is low with 40% of respondents unsatisfied with career development. A larger share of BISOs is not satisfied with their executive visibility support and nearly nine out of 10 BISOs are open
to a job change; 60% of respondents indicated they are contemplating a change in the near future (see Figure 2).
Figure 2 - BISOs’ Mixed Emotional Response to Their Job
2.1 BISO Overall Job Satisfaction Is Strong
2.2 Nearly All BISOs Consider Changing Jobs
Steve Martano, co-founder at Artico Search explains: “Given the nature of the role, there’s a risk that BISOs start to feel blocked from upward mobility. They're unlikely to be promoted to their manager’s job as business unit CIO and
are unlikely to be in line for the global CISO because that is usually a corporate number two. Our advice to managers is to keep BISOs engaged at both the business level and with the corporate function to provide high performers a path for career
development. “
READ: The BISO Role: Where Business Meets Security
BISO Retainment Recommendations
To help mitigate risk from losing BISOs security leaders, organizations are encouraged to keep BISOs engaged, supported and on a strong career development path.
For BISO’s, you can use the data in this report as a guide to better inform executive leadership about the importance of career development, executive visibility and their effect on job satisfaction.
Research-backed data like this is not only helpful for BISOs to use it as input regarding their own job satisfaction, but also in benchmarking how their role and compensation compares to their industry peers.
GET STARTED: BISO Compensation & Career Survey
CISO Compensation & Security Budget Benchmark Reports
Each year, IANS, in partnership with Artico Search, conducts a survey of CISOs and security leaders across the U.S. and Canadas on CISO compensation, security budgets, key security staff compensation and job satisfaction.
The findings from this survey are published in a series of in-depth reports that feature new takeaways, uncover a wealth of insights, and provide valuable leadership guidance to fine-tune your current role, department, and career path.
Download our 2022 Guide to Hiring and Retaining CISOs and Security Leaders – the sixth in our 2022 series of reports – for additional insights
into key strategies for hiring and retaining cyber security leaders and ways to increase job satisfaction.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.