Discover your dream Career
For Recruiters

It’s questionable whether banks are recruiting enough IT security professionals

Information security professionals are relatively hot property within the banking sector, but firms are not recruiting enough people to deal with the increasing scale of the threat.

We've mentioned numerous times over the past 12 months that information security officers have seen both an elevated status and increased salaries within the financial sector, but it's questionable whether banks are building their teams enough.

Research by PwC suggests that financial services companies are susceptible to cybercrime, but that firms are "complacent" when it comes to addressing the risks from both external and internal threats.

"Right now most financial institutions are under extreme cost pressure and reluctant to recruit people for information security, and are instead assuming that their existing teams can deal with any challenges," says Andrew Clark, forensic services partner at PwC. "Often it takes a catastrophic failure for them to realise the scale of the problem."

Nonetheless, financial technology recruiters suggest that – comparatively speaking – demand for information security professionals within the banking sector remains high. It's unlikely that they will consider technologists from other areas of banking for these roles, however, and instead they're hiring from other industries including telecoms, the military and the public sector, says Paul Elworthy, managing director, banking and financial services at recruiters Hudson.

At the very least in order to break into this area banks will expect you to come with BSI ISO/IEC accreditation – the standard that defines information security management systems – usually to ISO/IEC 27001 level.

Another must-have is the Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor qualifications, says Elworthy.

"Technologies such as Arcsight, Cyberark and Proventia are in demand, but knowledge of software applications is no longer enough and companies are now also focused heavily on knowledge and skills around the procedures and systems needed in order to prevent and deter access to information," says Elworthy.

Pay can be relatively lucrative for these roles: a head of information security working in an investment bank earns around £110k, while roles lower down the career ladder pay £65-90k. On a contract basis, expect £500-750 a day for IT security and risk management roles.

There are also roles being created within the Big Four consulting firms, which are seeing an influx of business from financial services firms, particularly the smaller companies.

"Given the findings of our survey and the work we're undertaking with our clients around cyber-security, we're increasing our capabilities in this area," he says.

author-card-avatar
AUTHORPaul Clarke

Sign up to Morning Coffee!

Coffee mug

The essential daily roundup of news and analysis read by everyone from senior bankers and traders to new recruits.

Sign up to Morning Coffee!

Coffee mug

The essential daily roundup of news and analysis read by everyone from senior bankers and traders to new recruits.