Information Security Analysts


Salary Median (2020)


Projected Job Growth (2019-2029)

+34.7% (much faster than the average)


What Information Security Analysts Do

Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.

Other Job Titles Information Security Analysts May Have

Information Security Officer, Information Systems Security Officer (ISSO), Information Technology Security Analyst (IT Security Analyst), Network Security Analyst

How Leaders Describe a Typical Day at Work

Vice President of Technology and Information Risk ,

Morgan Stanley

I develop and implement strategies focusing on the entitlement life-cycle and management of unstructured data across the firm. I also partner with business and technology stakeholders to provide technology solutions (tactical and strategic) to better enable the firm to meet business objectives. I manage the development and deployment of the first global windows file-share entitlement review. I present strategy, challenges, and processes to senior management and risk officers.


International Association of Certified ISAOs

As a cybersecurity executive and critical infrastructure protection strategist, I work with senior corporate leaders and government officials to make the nation more resilient. I am focused on progressing and harmonizing cyber threat information sharing globally. I represent emerging ISAOs to assist them in building and managing their organizations effectively.

Tasks & Responsibilities May Include

  • Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
  • Monitor current reports of computer viruses to determine when to update virus protection systems.
  • Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
  • Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
  • Modify computer security files to incorporate new software, correct errors, or change individual access status.

This page includes information from theO*NET 26.1 Databaseby the U.S. Department of Labor, Employment and Training Administration (USDOL/ETA). Used under theCC BY 4.0license. O*NET® is a trademark of USDOL/ETA.