CISO salary overview 2026: from deputy to executive
CISO salaries in Australia depend on experience level, sector, organisation size and geographic location. The table below presents current salary ranges based on 2026 market data from Australian recruitment firms and compensation surveys.
| Experience Level | Years of Experience | Annual Salary (AUD) | Typical Organisation |
|---|---|---|---|
| Deputy CISO | 3-5 years in security | A$170,000 - A$210,000 | Mid-sized firms, tech companies |
| Mid-Level CISO | 5-10 years in security | A$210,000 - A$280,000 | Large corporates, government |
| Senior CISO | 10-15 years in security | A$280,000 - A$350,000 | Enterprise, financial services |
| Executive CISO / Group CISO | 15+ years in security | A$350,000 - A$450,000+ | ASX 50, Big Four banks, global firms |
Note: These are base salaries excluding superannuation (typically 11.5% in 2026) and other benefits. Total compensation at the Big Four banks and major mining companies can be significantly higher when bonuses, equity and other benefits are included.
Factors that determine CISO salary in Australia
1. Certifications and qualifications
Certifications have a measurable impact on CISO compensation in Australia. CISSP holders earn on average 15-20% more than peers without it. The combination of CISSP, CISM and an MBA is the most highly valued by Australian employers. IRAP assessor credentials add significant value for government-facing roles, while CCISO from EC-Council is gaining traction among executive-level security leaders.
2. Sector and industry
The industry in which a CISO works significantly affects pay:
- Financial services (Big Four banks, insurers, super funds): Highest salaries, averaging 25-35% above market median due to APRA CPS 234 requirements and the critical nature of financial data protection
- Mining and resources: Above-average compensation driven by operational technology security requirements at BHP, Rio Tinto, Fortescue and Woodside
- Technology: Competitive base salaries with equity packages at companies like Atlassian, Canva and REA Group
- Government and defence: Competitive packages with strong superannuation (up to 15.4% for Commonwealth employees), job security and clearance premiums
- Telecommunications: Growing demand and competitive salaries following high-profile breaches at Optus and Medibank
3. Location: Sydney versus Melbourne and other cities
CISOs based in Sydney earn on average 10-20% more than colleagues in Melbourne. Sydney commands the highest premiums due to the concentration of financial services headquarters, technology companies and government agencies. Perth offers competitive salaries for mining and resources CISOs, while Canberra pays well for government and defence roles. Brisbane and Adelaide are emerging as secondary markets with lower cost of living but growing demand.
4. Organisation size and regulatory scope
A CISO at an ASX 50 company with 10,000+ employees and international operations typically earns 40-60% more than one at a mid-sized firm. APRA-regulated entities pay premium rates due to the personal accountability requirements under CPS 234, where the board and senior management bear direct responsibility for information security.
CISO salary compared with other IT security roles
| Role | Average Annual Salary (AUD) | Difference vs CISO |
|---|---|---|
| Chief Information Security Officer (CISO) | A$210,000 - A$300,000 | - |
| Information Security Manager | A$140,000 - A$185,000 | -30% to -40% |
| Security Architect | A$155,000 - A$200,000 | -25% to -35% |
| Senior IT Auditor | A$110,000 - A$145,000 | -40% to -50% |
| Data Protection Officer | A$115,000 - A$155,000 | -40% to -50% |
| Security Consultant | A$120,000 - A$165,000 | -35% to -45% |
| IT Risk Manager | A$130,000 - A$170,000 | -35% to -40% |
Benefits and total compensation package
The total compensation package for an Australian CISO typically includes:
- Superannuation: Employer contribution of 11.5% (2026 rate) on top of base salary, with some employers offering up to 15%
- Performance bonus: Annual bonus of 15-30% of base salary, tied to security programme KPIs and business objectives
- Equity or long-term incentives: Common at ASX-listed companies and technology firms
- Training and development budget: A$10,000 - A$25,000 annually for certifications, conferences and professional development
- Car allowance or novated lease: A$15,000 - A$25,000 per year at larger organisations
- Private health insurance: Salary-packaged or employer-funded coverage
- Flexible working: Hybrid arrangements are standard across virtually all CISO roles in Australia
Tips for salary negotiation as a CISO in Australia
Prepare with market data: Use salary surveys from Hays, Robert Half, Michael Page and the AISA (Australian Information Security Association) to benchmark your value against market averages.
Highlight regulatory expertise: Demonstrate knowledge of APRA CPS 234, the Privacy Act, Essential Eight and SOCI Act obligations. APRA experience commands a significant premium in financial services.
Quantify your impact: Present concrete achievements: breaches prevented, APRA compliance milestones achieved, Essential Eight maturity improvements, cost savings through risk reduction and successful security transformation programmes.
Consider the contracting route: As a freelance or interim CISO, day rates in Australia range from A$1,500 to A$2,500 per day, which on an annualised basis can yield considerably more than a permanent role.
Looking for a CISO position in Australia?
Browse our complete overview of CISO vacancies and security roles across Australia. Also read our 2026 salary trends for the latest market insights.
Browse Security Vacancies