CISO salary overview 2026: from VP-level to Fortune 500
CISO compensation in the US varies substantially based on company size, industry, geography and the scope of the role. The table below presents current base salary and total compensation ranges derived from 2026 compensation surveys and executive recruiting data.
| Level | Typical Context | Base Salary (USD) | Total Compensation (USD) |
|---|---|---|---|
| VP of Security / Deputy CISO | Mid-market, Series B-D startups | $180,000 - $230,000 | $250,000 - $400,000 |
| CISO (mid-market) | Companies with 500-5,000 employees | $220,000 - $280,000 | $300,000 - $450,000 |
| CISO (large enterprise) | Fortune 1000, major financial institutions | $280,000 - $350,000 | $400,000 - $600,000 |
| CISO (Fortune 500 / Big Tech) | Global enterprises, FAANG-level companies | $350,000 - $400,000+ | $600,000 - $1,000,000+ |
Note: Total compensation includes base salary, annual bonus (typically 20-40% of base), equity/RSU grants and benefits. At the highest levels, equity can represent 40-60% of total compensation.
Fortune 500 versus startup compensation
The structure of CISO compensation differs markedly between established Fortune 500 companies and venture-backed startups. Understanding these differences is essential for anyone evaluating opportunities in the US market.
Fortune 500 and large enterprise
CISOs at Fortune 500 companies receive the highest guaranteed compensation. Base salaries typically range from $300,000 to $400,000 or more, with annual bonuses of 25-40% and RSU packages vesting over three to four years. Benefits include comprehensive healthcare, executive retirement plans, deferred compensation and sometimes company car allowances. The trade-off is a more structured environment with established security programs and larger teams. Board-level reporting is increasingly common, with approximately 60% of Fortune 500 CISOs now reporting directly to the CEO or board.
Startups and growth-stage companies
Startup CISOs may accept lower base salaries in the range of $180,000 to $250,000, but they typically receive significantly larger equity grants. At a pre-IPO company, a CISO might receive stock options or RSUs worth $500,000 to $2,000,000 or more over four years. If the company goes public or is acquired at a high valuation, this equity can dwarf the total compensation available at an established enterprise. The risk, of course, is that equity may end up being worth little or nothing. Startup CISOs also tend to wear more hats, often building the security program from scratch with a small team.
The Silicon Valley premium
Geography continues to play a significant role in CISO compensation, though the widespread adoption of remote and hybrid work has narrowed the gap compared to pre-pandemic levels.
CISOs based in the San Francisco Bay Area and Silicon Valley earn 20-35% more in base salary than the national average. This premium reflects the concentration of technology companies, the intensity of competition for security talent and the high cost of living. New York City commands a similar premium, driven by financial services firms on Wall Street and a growing technology sector. Washington DC and Northern Virginia also offer above-average compensation, fueled by defense contractors, federal agencies and the cybersecurity firms that serve them.
Other technology hubs including Seattle, Austin, Boston and Denver offer competitive salaries that typically fall 5-15% above the national median. The growth of remote-first companies has created opportunities for CISOs to earn near-coastal salaries while living in lower-cost regions, though some companies are adjusting pay bands based on location.
Equity and RSU packages explained
Equity compensation is a defining feature of CISO packages in the US, particularly in the technology sector. Understanding how these packages work is critical for evaluating the true value of an offer.
- Restricted Stock Units (RSUs): The most common equity vehicle at public companies. RSUs vest over a schedule, typically four years with a one-year cliff. At large tech firms, annual RSU grants for CISOs range from $200,000 to $500,000 or more in value at the time of grant.
- Stock options: More common at startups, options give the right to purchase shares at a fixed strike price. The value depends entirely on the company's future valuation. Early-stage CISOs may receive options representing 0.1% to 0.5% of the company.
- Performance-based equity: Some companies tie a portion of equity to performance metrics such as security incident reduction, compliance audit outcomes or overall company targets. This can increase or decrease the actual payout from the initial grant value.
- Sign-on equity: To attract top CISO talent, companies frequently offer one-time sign-on RSU grants of $100,000 to $300,000 on top of the standard annual equity package.
CISO salary compared with other security leadership roles
To contextualize CISO compensation, the following table compares it with other senior security and compliance roles in the US market.
| Role | Average Base Salary (USD) | Difference vs CISO |
|---|---|---|
| Chief Information Security Officer (CISO) | $220,000 - $350,000 | - |
| VP of Information Security | $190,000 - $280,000 | -15% to -20% |
| Director of Security Engineering | $180,000 - $260,000 | -20% to -25% |
| Director of IT Compliance / GRC | $160,000 - $220,000 | -25% to -35% |
| Senior Security Architect | $170,000 - $240,000 | -20% to -30% |
| IT Risk Director | $155,000 - $210,000 | -30% to -35% |
Tips for CISO salary negotiation in the US
Negotiating a CISO package requires a strategic approach that goes beyond base salary. The following recommendations are tailored to the US executive market.
Benchmark with precision: Use data from sources such as Heidrick and Struggles, Korn Ferry, Levels.fyi and the IANS CISO Compensation Survey to establish your market value. Be specific about your comparison set: company size, industry, region and reporting structure all matter.
Negotiate total compensation: In the US market, base salary is often the least flexible component. Focus negotiation energy on equity grants (initial and refresher), sign-on bonuses, annual bonus targets and acceleration clauses in the event of acquisition or termination.
Leverage your certifications: CISSP, CISM and CCISO remain the most valued credentials. Board-level experience and an MBA from a top program can add 15-25% to total compensation. Highlight any public speaking, published research or advisory board positions.
Quantify your track record: Present measurable outcomes from previous roles. Examples include breach cost avoidance, compliance certifications achieved, security program maturity improvements and reduction in mean time to detect and respond to incidents.
Evaluate the full package: Consider factors beyond cash and equity. Executive severance terms, D&O insurance coverage, board reporting structure, team size and budget authority all affect the true value and sustainability of the role.