Director of Security and Risk Management

Career Guide
Leads a company’s security and enterprise risk programs. Oversees physical security, threat assessment, investigations, and crisis response while aligning risk policies with business goals and compliance. Manages teams, budgets, and vendors to protect people, assets, and operations.

Key Responsibilities

  • Set security and risk strategy and governance framework
  • Lead enterprise risk assessments and mitigation plans
  • Manage physical security operations (guards, access control, CCTV)
  • Direct incident response, investigations, and crisis management
  • Oversee business continuity planning and emergency preparedness
  • Manage security vendors, contracts, and budgets
  • Report risk posture and metrics to executives and the board

Career Progression

Can Lead To
Senior Director/Head of Security
Vice President, Security & Risk
Chief Security Officer (CSO)
Chief Risk Officer (CRO)
Transition Opportunities
Business Continuity/Resilience Director
Enterprise Risk Management Director
Security Consultant (Management Consulting)
Emergency Management Director

Common Skill Gaps

Often Missing Skills
  • Formal enterprise risk frameworks (ISO 31000) application
  • Business continuity and crisis exercise design
  • Physical security technologies and GSOC operations
  • Complex incident investigations and case management
  • Regulatory/compliance risk reporting to executives

Development Suggestions
Complete ISO 31000/22301 training and lead a pilot risk assessment plus a tabletop exercise at your current organization; pursue ASIS CPP/PSP and gain hands-on exposure to access control/CCTV and incident case tools.

Salary & Demand

Median Salary Range
  • Entry Level: $115,000–$145,000
  • Mid Level: $150,000–$195,000
  • Senior Level: $200,000–$260,000
Growth Trend
Growing

Companies Hiring

Major Employers
  • Amazon
  • JPMorgan Chase & Co.
  • Microsoft
Industry Sectors
  • Technology
  • Financial Services
  • Healthcare
  • Manufacturing
  • Retail & E‑Commerce

Recommended Next Steps

1. Earn ASIS CPP (and PSP if overseeing physical security) and complete FEMA ICS/NIMS courses (IS‑100, IS‑700).
2. Lead a cross‑functional risk assessment and business impact analysis; document a BCP and run a tabletop exercise, capturing metrics and lessons learned.
3. Join ASIS International and the Risk Management Society (RIMS); attend a local chapter meeting and secure two informational interviews with sitting security directors.