Amid Digital Transformation, Security Compensation Rises in the Middle East
How much do security leaders in the Middle East earn today? Security recruitment firm SSR Personnel conducted a multinational survey across Bahraine, Kuwait, Oman, Saudi Arabia, the United Arab Emirates (UAE), and Qatar to determine how roles and responsibilities are evolving in this fast-growing area and how compensation is keeping up.
The survey’s findings are collected in the SSR Personnel Middle East Salary Survey 2023.
Salary Ranges
Growth opportunities across the Middle East—especially in areas tied to digital transformation—have played out favorably for security roles and salaries. Based on data from more than 12,000 security professionals from more than 40 business sectors, SSR found that 95.45 percent of professionals said they were adequately compensated in their current role, compared to 41.03 percent in 2021.
Among professionals whose salaries increased between 2021 and 2023 (all but 11.76 percent said they had a salary increase recently), 26 percent cited annual increases and 23 percent said that the salary increase was tied to performance. Inflation accounted for 13 percent of salary increases. In 2021, for comparison, nearly 40 percent of security professionals said they did not receive a salary increase.
So, what do different security leadership roles earn in the Middle East today? SSR broke it down by job title and responsibility.
CSO. For this senior security executive position (including global resilience and risk directors, too), typical responsibilities include policy, executive board briefings, pandemic preparation, cyber incursion response and resilience, and crisis management. Executive bonuses ranges up to 50 percent, with share options, healthcare, and a $12,000 travel allowance. Salaries for most (more than 40 percent) CSOs fell in the $95,000-$125,000 (USD) range, with 30 percent in the $125,000-$155,000 range, and less than 20 percent in the $155,000+ range.
CISO. Chief information security officers in the Middle East are largely responsible for delivering localized policy. They brief the executive board as part of a converged role managing cyber and pandemic response with a diverse located team. Executive bonuses average around 35 percent of their salary. This position had a wider range of compensation, with most (50 percent) in the $82,000-$125,000 range, but more than 20 percent earning more than $200,000.
Head of risk. Also covering head or VP of resilience, this position involves regional policy development, executive reporting, and promulgating corporate policy for physical and intellectual property protection. The medium bonus range is 30 percent of the salary, and the position includes a travel allowance up to $10,000. Salary-wise, 20 percent earned $180,000+, more than 30 percent earned between $120,000-$180,000, but more than 25 percent earned the lowest salary range: $0-$60,000.
Head of group security. This role develops crisis response and increasingly manages preparedness programs. The individual is responsible for regional reporting, policy implementation, and promulgating corporate policy around both physical and information security. More than 40 percent earned between $100,000 and $140,000. Less than 20 percent earned more than $180,000.
Fraud prevention manager. This role is responsible for loss through fraud, supply chain theft, and e-commerce transactions. He or she develops loss prevention programs, asset tracking, and procurement collusion detection, while increasingly auditing digital processes. More than 30 percent earned a salary in the $125,000-$155,000 range.
Cyber resilience manager/head of cyber. This role serves as an internal case manager who decides which events to pursue, provides proactive attack strategies, and works with cyber agencies to encourage coordinated actions. Experience for this position is drawn from a mix of physical and digital backgrounds. Salary ranges are primarily (35+ percent) in the $65,000-$130,000 range, followed closely (30+ percent) by the $130,000-$185,000 range.
Evolving Priorities and Digital Transformation
SSR asked participants to rank a series of risks in terms of impact to their organization. Organizational governance topped the list with a 4.61 rating, followed by culture (3.72), cybersecurity (2.88), talent management (2.13), and data privacy (1.64). Some of these priorities are closely linked, particularly around recruiting digital-savvy professionals to key roles as the cost-of-living increases in the Middle East.
“Digital skills will shape the upcoming talent demands across the region,” the SSR report says. “The hurdle for those hiring will be finding the right talent with these digital skills. The Middle East cybersecurity spending by the end of this year will be USD16 billion, expecting it to grow to more than USD28 billion in 2025.”
Cloud-related jobs are on the rise—there was a 17 percent increase in these roles across the Gulf region in the first part of 2022. In addition, cryptocurrency, non-fungible tokens (NFTs), and other digital assets are catching on across the Middle East and among the region’s growing population of young, digital-native professionals.
“One of the biggest opportunities that Middle East countries have and can capitalize on, is their young population. To take advantage of this, countries need to create and make skills accessible, create new industries, and create more employment opportunities,” the report says.
Getting those young professionals into security roles is a daunting task, though.
The UAE launched a Fourth Industrial Revolution (4IR) Strategy to strengthen its position as a global business hub, and one of the pillars of the program is future talent—preparing a national talent pool, encouraging entrepreneurs, and equipping them with science and technology skills through an applied education system.
“A PWC survey of CEOs based in the Middle East found that 70 percent see the unavailability of essential digital skills as a serious business threat,” the SSR report adds. “According to the survey, all [Gulf Corporation Council (GCC) members] continue to prioritize skills shortages. In 2022 that has been upskilling workers, increasing wages for retention, supporting workers’ physical and mental well-being, and automating/enhancing work via technology. Companies who participated in SSR surveys expected to increase salaries in 2023 by 5 percent to offset regional rising costs of living and retain workers.”
