CISM (ISACA) salary: what it pays (2026)
Indicative pay ranges for roles that commonly value CISM - broken down by role and by market. These are orientation figures, not a salary survey, so use them to compare and plan, then verify for your own city and year.
Indicative ranges for orientation only - not surveyed data, and not financial or career advice.
What CISM tends to pay
CISM targets security management and pay reflects that. US holders in security-manager and governance roles commonly report roughly US$120k-175k, and the credential is frequently requested for management-track and CISO-pipeline roles.
Pay by role (indicative)
| Role | Indicative pay |
|---|---|
| IT Risk / Governance Analyst | ~$95k-130k |
| Information Security Manager | ~$120k-160k |
| IT Audit Manager | ~$110k-150k |
| Security Director | ~$150k-180k |
| CISO (with experience) | ~$180k-250k+ |
Bands are indicative US figures unless stated. Actual pay depends on experience, employer, city and year.
Other markets (indicative)
| Market | Indicative pay |
|---|---|
| United Kingdom | ~£55k-85k |
| Canada | ~CA$100k-145k |
Jobs that often ask for it
- Information Security Manager
- IT Risk Manager
- Governance / Compliance Lead
- Security Director
- CISO (with experience)
Weigh the pay against the cost
Salary is only half the picture. Before you commit, check what CISM actually costs to sit and maintain, and where it can take you over a career.
- See the full fee breakdown in the CISM cost and overview (exam fee, retake, materials and renewal).
- Estimate your total spend, including a possible retake, with our exam cost calculator.
Where CISM leads (with a pay ladder)
These career paths show how pay typically climbs stage by stage, and where CISM fits on the way up: