CISO Salary in 2026
Salary by career stage
| Stage | Years exp | Typical title | Base salary (US) | Total comp (US) |
|---|---|---|---|---|
| Director-level transitioning | 10–15 | Director of Security, Head of InfoSec | $200,000–$280,000 | $240,000–$380,000 |
| First-time CISO (mid-market) | 12–18 | CISO at 500–5,000 employee co. | $280,000–$420,000 | $350,000–$700,000 |
| Established CISO (mid-market) | 15–20 | CISO with 2+ years tenure | $340,000–$500,000 | $450,000–$850,000 |
| Enterprise CISO | 18–25 | CISO at Fortune 500 or large public co. | $420,000–$700,000 | $700,000–$1,500,000 |
| Tier-1 enterprise / public-co CISO | 20+ | CISO at top global financial / tech | $600,000–$1,000,000 | $1,200,000–$3,500,000 |
| vCISO (fractional) | 15+ | vCISO retainer at multiple clients | n/a (retainer) | $5,000–$25,000/month per client |
Total comp is base + bonus + equity at typical vest. Sources: Kudelski Security 2025 Cybersecurity Leadership Survey, Robert Half 2025 Salary Guide, IANS Research / Artico Search 2025 State of CISO Compensation, public proxy statements (S&P 500 disclosures).
Salary by industry vertical
| Industry | Total comp (mid-market CISO) | Premium vs baseline |
|---|---|---|
| Financial services / fintech | $550,000–$900,000 | +25–40% |
| Technology platforms / SaaS | $450,000–$800,000 | +15–30% |
| Cryptocurrency / Web3 | $500,000–$1,200,000 | +30–60% (high variance) |
| Healthcare / life sciences | $380,000–$650,000 | +5–15% |
| Manufacturing / industrial | $320,000–$520,000 | baseline |
| Retail / consumer | $300,000–$480,000 | −5% to baseline |
| Government / defense (DoD) | $220,000–$380,000 | −25 to −15% in cash; pension + clearance value offsets |
Salary by geography
| Region | Total comp (mid-market CISO) |
|---|---|
| San Francisco / Bay Area | $550,000–$900,000 |
| New York metro | $500,000–$800,000 |
| Boston, Seattle, Washington DC | $450,000–$700,000 |
| US national median | $380,000–$600,000 |
| London | $330,000–$560,000 (£260,000–£440,000) |
| Singapore / Tel Aviv | $340,000–$580,000 |
| Toronto / Sydney / Frankfurt | $280,000–$480,000 |
How CISO equity is structured
Equity is where mid-market and pre-IPO CISO compensation gets interesting. Three structures dominate in 2026:
- Public company RSUs. Typical mid-market public CISO grant: $200,000–$500,000 of RSUs per year, vesting quarterly over 4 years. Senior CISOs at Fortune 500 companies receive $500,000–$2,000,000 in annual grants.
- Pre-IPO ISOs/RSUs. Series B–D CISO equity: 0.1%–0.5% of fully-diluted shares, 4-year vest with 1-year cliff. At successful exits (e.g., $1B+ valuation), this can deliver $1M–$5M+ in liquidity.
- vCISO equity. Some vCISO engagements include 0.05%–0.25% equity in lieu of higher cash retainer, especially at seed-stage SaaS companies.
Bonus structures
CISO bonuses (15–40% of base) tie to:
- Audit pass rates (SOC 2, ISO 27001, FedRAMP, sector-specific)
- Incident-response performance (mean time to detect, contain, recover)
- Major project delivery (Zero Trust, cloud migration, M&A integration)
- Board-confidence scores from quarterly briefings (increasingly common)
- Regulatory milestone achievement (DORA, NIS2, FedRAMP ATO, GDPR DPA closures)
How to get on the CISO compensation path
Reaching CISO-level compensation typically takes 12–20 years from entry-level. The acceleration moves come at three points:
- Senior IC to manager (years 4–6): the move that unlocks $150,000–$200,000 base. Most candidates earn CISSP or CISM at this stage.
- Manager to director (years 8–12): the first time you own a budget and headcount. Compensation typically jumps 30–50% at this transition.
- Director to first-time CISO (years 12–18): the role transition. Most successful candidates pursue CCISO or have led a major regulatory program (FedRAMP, SOC 2 Type II, GDPR-readiness) that justifies the title.
See the 2026 CISO career roadmap for the stage-by-stage moves and the CISSP / CISM / CCISO study guide for the credentials at each transition.
See CISO compensation pressure in action
CISO compensation looks impressive on paper. The pressure that earns it is harder to convey. Play CISO Game free to feel the budget defense, board crisis, and incident response that define the actual role. The simulation models the same metrics CISOs are bonused on — board confidence, audit pass, breach response — across 5 in-game years.
Related guides
- 2026 CISO Career Roadmap: How to reach the role this salary data describes.
- What does a CISO do: The role responsibilities behind the compensation.
- First 90 days as CISO: What you'll be paid to do in your first quarter.
- vCISO explained: The fractional alternative — and its compensation model.
Frequently asked questions
What is the average CISO salary in 2026?
A first-time CISO at a mid-market company (500–5,000 employees) earns $300,000–$700,000 in base salary plus equity in 2026. Senior CISOs at public Fortune 500 companies frequently exceed $1,000,000 in total compensation. Director-level security managers transitioning into the role typically start at $200,000–$380,000. Figures vary by industry, company size, and whether the role carries board-reporting authority.
Do CISOs get equity?
Yes — at any company larger than seed-stage. Mid-market CISO equity typically ranges from 0.1%–0.5% of fully-diluted shares (vesting over 4 years). At public companies, RSU grants of $200,000–$800,000 per year are common at the senior CISO level. Pre-IPO companies sometimes offer equity worth more than total cash compensation if the company exits successfully.
How much do CISOs make at large enterprises versus startups?
Fortune 500 CISOs earn $700,000–$1,500,000+ in total compensation (base + bonus + equity). Mid-market (500–5,000 employees) CISOs earn $400,000–$700,000 total. Series B–D startup CISOs earn $300,000–$500,000 cash with significant equity upside. Seed-stage startups often hire a vCISO consultant rather than a full-time CISO; vCISO retainers range from $5,000–$25,000 monthly.
Which industries pay CISOs the most?
Financial services, technology platforms, and cryptocurrency/Web3 firms pay the highest CISO salaries — typically a 20–40% premium over healthcare, retail, or manufacturing. Defense contractors and federal agency CISOs cap lower in cash compensation but offer pension and clearance value. Healthcare and life sciences CISOs are catching up rapidly post-Change Healthcare 2024.
Does certification affect CISO salary?
Marginally. Once at the CISO level, certifications matter less than track record. CISSP and CCISO are implicit table stakes (most CISO postings name one). Adding CISM or CRISC does not measurably move CISO compensation. Industry-specific creds (CISSP-ISSMP, CIPP for privacy, OSCP for technical credibility) can move comp by 5–10% at the margin in matching roles.
How much does CISO salary vary by geography?
San Francisco, New York, and Boston CISO compensation runs 20–35% above the national US median. Remote roles have flattened the differential: fully remote CISO postings now show only a 5–15% Bay Area premium versus pre-2023 levels of 30%+. Outside the US, London CISO salaries are roughly 60% of New York equivalents; Singapore and Tel Aviv have closed to within 80%.
What is a CISO bonus typically structured around?
Most CISO bonuses (15–40% of base) tie to security program metrics: incident-response performance, audit pass rates, board-confidence scores, regulatory compliance achievements, and major project delivery (Zero Trust rollouts, cloud migrations, M&A integration). Cash incentives typically pay out annually; equity vests quarterly or annually over 4 years.