The titles of executive security roles within an organization vary greatly, but there are a few constants when it comes to top-level positions.

What’s the Significance of a Security Job Title?

Perhaps you are thinking about the next step in your security career or the general trajectory of where you’d like to see yourself in a few years. Or, perhaps you’re curious about how your title compares with your peers in other sectors. Maybe you are overwhelmed by the breadth and variety of security job titles, and you struggle to understand which role is actually the senior-most security role within an organization.

In this industry, the level of variance among job titles for security executives is overwhelming. At a small company or within certain sectors, the top-level security executive may be a senior manager or manager. At some companies, a director may have more seniority than a vice president.

“In general, when you talk security positions, you’ll have your C-level titles such as chief security officer (CSO), followed by vice president (VP) and then director. The CSO is the thought leader and strategist; the VP and directors will be looking at strategy and overall areas of risk. Under that, you’ll typically have senior managers and managers, and these are often the more operational or technical positions,” explains Shunil Joseph, Managing Partner at First Arrow Executive Search.

While such a hierarchy can be thought of as a general guideline for those high-level security job titles, all security experts told Security magazine that the true hierarchy, along with that delineation between strategist and operationalist, can vary greatly from one organization to the next.

“It's very individual to each organization,“ says Co-Founder and Chief Executive of the Security Management Resources Group and Security magazine columnist Jerry Brennan. “There are senior directors and senior managers who report at very high levels and lead the global program. Some organizations avoid using chief security officer due to conflicts with the senior-most IT/cybersecurity head. The only thing that is linear is the individual organization structure, i.e. CEO, President, Exec VP, Senior VP, VP, Asst VP, Senior Director, Director, General Manager, Senior Manager, Manager.”

One of the challenges with titles, Brennan says, is that organizations may have constructed titles and personnel categories tied to compensation without regard to a single function such as security and, therefore, the title and responsibilities may not align in a traditional sense.

“I’ve worked with organizations where the vice president sits below the director or vice versa, but what I do see is that the point of change between technical jobs versus strategic is often seen in those positions managing teams — that’s often a director title or above,” says Owanate Bestman, Executive Recruiter at Bestman Solutions.  

Indeed, the majority of organizations give their highest-level security role the title of CSO, Vice President, Director, or a combination — and, in general, even among smaller or start-up organizations, titles tend to be more stable among those senior-most ranks to reflect that accountability.

After all, a job title is most often driven by two important factors: culture and accountability.

“From a corporate standpoint, titles are driven based on corporate culture. That’s the first and foremost,” says Stephen W. Walker, Partner at Foushée Group, Inc. Walker’s company conducts annual research on titles and compensation within security.

“The job title reflects how seriously security is taken within an organization,” says Deborah Page, Vice President at The McCormick Group. “Not only can the title reflect how the company feels about security, but it also reflects whether that role is a part of the executive team; it tells others if they have a voice within an organization and a seat at the table. At many companies, if you don’t have the right title, you just don’t have that voice.”

The significance of a security title can come into play when communicating internally within the organization to the C-suite, Board of Directors or other functions, but also externally with customers and vendors.

“It’s important for the security leader to have that influence and support from the Board or other executives, and at some organizations, a manager or a lead or head just doesn’t get that influence,” Bestman says.

On top of company culture, in broad-based terms, titles are often determined by accountabilities and influence of the position within the organization, Walker says. “That’s the start of saying that those top jobs signify a certain level of knowledge, experience, role complexity, supervision required and education,” he adds.

The senior security titles within an organization are typically doing the following, according to Bestman:

• Managing teams (depending on the organization’s size);
• Translating the technical aspects of the security programs and risk mitigation to others in the organization;
• Understanding the true risk appetite of the overall organization.

The accountabilities are really what most organizations tie compensation to, not the title. “Titles don’t drive compensation per se, but accountabilities do. And, accountabilities certainly differentiate titles. Many companies use those titles, which are based on accountabilities, to define compensation levels, pay packages and bonus eligible positions,” Walker explains.

In addition, another clue into the level of influence and accountability a security position or job title has is the reporting structure, according to Brennan. At the end of the day, those factors combined are all arguably more important than an executive’s formal job title. “Those are the real questions,” Brennan says. “What they are responsible for and who that security executive ultimately reports to are key marks of their influence within the organization.”

FAQs About Security Titles and Career Progression

Is it OK to move to a security leadership position that has a lesser-sounding title than what you had previously?

Many security leaders are hesitant to take a position that has a lesser-sounding title than what they had before. Experts say that should be the least of their worries when determining whether a new role is a good fit.

“Focus on the scope of the role, the responsibilities, the compensation and the impact of that role,” says Aaron Kutz, Practice Leader, Security, Direct Recruiters Inc.

For organizations hiring, experts say that previous experience is far more meaningful than previous titles. “Experience 100% is what organizations look for on a resume. They don’t care what the title was previously or they shouldn’t care,” Kutz says. “Experience outweighs title 10 out of 10 times.”

Can security executives negotiate job titles?

Many experts say it depends on the size of the company. “With large companies, it’s typically harder to negotiate titles because they have very structured hierarchies and more stakeholders that must be consulted before anything gets changed. It can be easier with smaller companies to negotiate,” Kutz says.

For those companies that don’t have wiggle room with the senior-most security titles, it’s not unheard of for those executives to have an official internal title, but use another title when dealing with vendors, media, peers, etc. “Sometimes, organizations will have the highest security position as a director on paper, but then allow the person to use VP or CSO or whatever they’d like to on their business cards to give them the extra gravitas they need to get those phone calls returned,” Shunil Joseph at First Arrow Executive Search says.

But, at the end of the day, if a security leader is hung up on a title as a reason to make or not make a career move, that focus is misdirected. “You should focus on compensation, reporting level and responsibilities. The title is just not as important as the content of the work, and you could be missing a perfect fit if you are looking solely at that job title,” advises Eric Scott, CEO at ESGI, a federal contractor executive search firm.