Financial services firms, faced with hackers, rogue employees and an ever-expanding range of technology devices, are recruiting more information security experts. They are, however, in short supply.
In the past few months, the number of vacancies at retail banks, investment banks and hedge funds for experts who can fight cybercrime has surged, according to recruiters. That’s giving such people an edge in the job market. For every such vacancy on eFinancialCareers, there are only 2.8 candidates with the relevant skills, according to our resume database.
For smaller projects, firms are seeking contractors, says Ben Cowan, director of recruiters Astbury Marsden. In contrast to most contract roles, day rates are heading up. Senior roles pay up to £1,000 a day, he says, while more junior positions offer between £400 and £500 a day. By comparison, most full-time positions pay between £60k and £70k.
Cybercrime is a growing concern across the sector, yet financial services firms have been complacent when it comes to recruiting information security professionals, recruiters say. It often takes a catastrophic failure for a bank to realise the scale of the problem.
“When we think about the lethal daily threats to the globally integrated financial services industry from nation-states and individuals, it is imperative that chief information security officers begin looking around corners, talk with each other and better prioritize the real threats to their firms,” says Mike McConnell, vice chairman of management consultancy Booz Allen.
Nonetheless, the hiring process can be lengthy. “Financial services firms are very cautious when it comes to taking on information security professionals, simply because of the sensitive nature of their role,” says Cowan.
Financial services firms expect their information security professionals to be well-qualified with at least a BSI ISO/IEC accreditation – the standard that defines information security management systems – usually to ISO/IEC 27001 level.
Other must-haves are the Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor qualifications.