Information security is an increasingly huge concern for financial services firms. In the last week, Citigroup and the IMF were hacked and this follows a spate of incidences of both internal and external attacks on financial sector companies.
Not surprisingly, technologists with the expertise to increase financial services firms' armour against these attacks are hot property in the City. According to IT recruiters Greythorn, salaries have rocketed by 25k over the last year to the point where a head of IT security in a bank can now expect around 125k.
"There are only about 2,200 people qualified for top-level IT security roles in the whole country - and fewer than 500 working in the City," says Paul Winchester, managing director of Greythorn. "The problem is compounded by the fact that financial services companies are competing for talent with blue chip security agencies such as MI5 and MI6. The best people are already valuable but now demand is outstripping supply."
Morgan Stanley is recruiting for these types of roles up in Glasgow, while JP Morgan, Goldman Sachs and UBS are all hiring in this area.
However, a lot of firms are seeking external expertise on how to bolster their IT security controls, which means the likes of KPMG, Deloitte and PwC have also had cause to build their teams.
"Increasingly, investment banks are recruiting internally for information security roles, but many are content to draft in niche consultants and external software vendors," says Andrew Keene, director of IT in finance recruiters Thomson Keene.
Part of the reason for this may be because of the vetting process involved to ensure you get the right person on board to deal with vast quantities of confidential data. Then there's the fact that qualifying for these roles is an arduous process.
"The roles are extremely specialist and people need plenty of skills to get to the top," says Winchester. "IT professionals take networking positions to gain experience, then qualifications in CCSA, CCSE, VPN solutions, Firewall, and remote access. But employers will also want them to become accredited as Certified Information Systems Security Professionals."