⚡ Key Takeaways

Africa holds roughly 20,000 certified security professionals across 1.4 billion people, and Algeria alone needs to fill thousands of CISO and deputy-CISO roles by 2029 under Decrees 20-05 and 26-07. Senior bands now stretch from DZD 200,000/month for security engineers to DZD 700,000+/month for CISOs at large banks and ministries.

Bottom Line: Budget a 12-month CISSP or CISM path now and push your employer to fund it as a strategic investment, not a personal benefit.

Read Full Analysis ↓

Advertisement

🧭 Decision Radar

Relevance for Algeria
High
Decrees 20-05 and 26-07 institutionalize CISOs across public institutions and CII sectors, creating thousands of senior openings by 2029.
Action Timeline
Immediate
Public institutions had 90 days from Decree 26-07 to designate a CISO; certification pathways (CISSP, CISM) take 6-18 months and should start now.
Key Stakeholders
Security engineers, IT managers seeking upskilling, university students at ESI/ENSIA/USTHB, HR leaders at banks and public enterprises
Decision Type
Tactical
Certification choice, sector targeting and employer selection are career-stage decisions within a clear strategic frame.
Priority Level
High
Structural under-supply means first-movers capture the top compensation band and define the role for the decade.

Quick Take: If you are a security engineer with three or more years of experience, commit to CISSP or CISM in the next 12 months, aim for a banking, telecom or energy employer with an active CII mandate, and negotiate certification funding up front — the leverage is yours for the next three years.

The decree that created a career category

On 20 January 2020, Algeria issued Presidential Decree No. 20-05, establishing a national system for the security of information systems. Among its less-headlined but most consequential provisions: every state information system must appoint a Chief Information Security Officer (CISO) responsible for governance, risk and incident response. The same decree created the National Council for the Security of Information Systems (CNSSI) and the National Agency for the Security of Information Systems (ANSSI, now operating as ASSI under the Ministry of National Defence).

For four years, Decree 20-05 was honored unevenly. Many public institutions treated the CISO designation as a paper exercise, layering it onto an existing IT manager’s responsibilities. That era ended on 7 January 2026. Decree 26-07 — published in the Official Gazette on 21 January 2026 — clarified the CISO’s authority, reporting lines, and minimum competency requirements, explicitly stating that CISOs must have demonstrable cybersecurity expertise. The cyber function must now sit organizationally distinct from IT management and report directly to the head of the institution.

That single clause reshapes the Algerian job market.

Who the mandate now covers

Decree 20-05 originally applied to all state information systems. Decree 26-07 extended and operationalized the requirement across public institutions — ministries, agencies, public enterprises — and by sectoral extension now reaches into the six Critical Information Infrastructure (CII) categories named in the National Cybersecurity Strategy 2025-2029: energy, telecommunications, water, transportation, financial services, and government services.

In practical terms, this means:

  • Every ministry and central agency needs a CISO with formal authority and a dedicated team.
  • Public enterprises (Sonatrach, Sonelgaz, Algérie Télécom, Mobilis, Algérie Poste, Air Algérie, Naftal and the public banks) are squarely in scope.
  • Private CII operators — private banks, private clinics with electronic patient records, private telecom and cloud providers — are being folded in through sectoral rulebooks.

The aggregate demand is significant. A conservative estimate based on public-sector headcount and sectoral coverage points to several thousand formal CISO and deputy-CISO positions needing to be staffed — or re-staffed with qualified professionals — before the end of the strategy window in 2029.

The salary picture

Algeria’s general cybersecurity salary baseline is still modest in global terms. Public aggregators place the average cybersecurity professional salary at around DZD 69,000–73,000 per month, with engineers earning slightly above. That baseline is below the national tech average — but it is a lagging indicator. Decree 26-07’s competency requirement is actively pushing compensation upward.

Anecdotal hiring data from Algiers-based recruiters and the ecosystem around firms like EKSec suggests:

  • Mid-level security engineer (3-5 years): DZD 120,000–180,000/month
  • Senior security engineer / team lead: DZD 200,000–280,000/month
  • Deputy CISO / CISO (mid-size public enterprise): DZD 280,000–450,000/month plus allowances
  • CISO (large bank, major public enterprise, ministry): DZD 450,000–700,000+/month, often with executive benefits

Private banks and energy-sector employers are pulling the top of that range upward. Multinationals with Algeria operations — oil services, telecom vendors, French and Gulf firms — increasingly offer hybrid packages combining a local DZD salary with a foreign-currency retention component.

Advertisement

The competency requirement — and how to meet it

Decree 26-07 is not specific about which certifications it accepts, but ASSI has signaled alignment with internationally recognized credentials:

  • CISSP (ISC2) — the most respected senior credential globally.
  • CISM (ISACA) — particularly valued in banking and regulated sectors.
  • ISO/IEC 27001 Lead Implementer / Lead Auditor — highly relevant given Algeria’s regulatory emphasis on audits.
  • CEH / OSCP — more operational, but valued in red-team and SOC roles.
  • CCSP (ISC2) — cloud security, increasingly required as Algerian institutions migrate to sovereign cloud.

Domestic pathways matter too. ESI Algiers, ENSIA, USTHB, the Military Polytechnic School and private training providers (EKSec, BINAA, CyberCity) offer dedicated tracks. The National Cybersecurity Strategy 2025-2029 is structurally linked to 285,000 new vocational training places spanning IT and cybersecurity — the policy scaffolding for the talent pipeline.

For professionals aiming at a CISO role within three to five years, the realistic curriculum is a combination of one domestic degree (ideally from ESI or ENSIA), at least one international certification (CISSP or CISM), sectoral experience (banking, telecom, energy), and demonstrable incident-response experience.

What employers need to do

On the demand side, Algerian institutions cannot wait for the talent market to catch up. The realistic playbook:

  1. Promote from within. The fastest path to a credible CISO is to elevate an experienced security engineer or infrastructure lead and fund their certification track. Recruiting a ready-made CISO on the open market is expensive and slow.
  2. Fund certifications explicitly. Treat CISSP, CISM and ISO 27001 training as strategic investments, not personal benefits. Many Algerian institutions still ask candidates to self-fund — that approach will lose talent in a tightening market.
  3. Build deputy pipelines. Decree 26-07 means every CISO needs a credible number two. Designate and develop that second seat now.
  4. Participate in university partnerships. ESI, ENSIA and USTHB are actively building industry partnerships. Institutions that sponsor chairs, internships and applied-research projects will have first pick of graduates.

The career signal

For Algerian technologists weighing specialization, the signal is unusually clear. The combination of Decree 20-05 (creating the role), Decree 26-07 (enforcing competency), the National Cybersecurity Strategy 2025-2029 (setting the sectoral perimeter), and structural under-supply (Africa’s 20,000 certified professionals across 1.4 billion people) makes cybersecurity leadership one of the highest-leverage career bets available in Algeria this decade.

The organizations that figure this out first — and the professionals who get the credentials early — will define the market for the next ten years.

Follow AlgeriaTech on LinkedIn for professional tech analysis Follow on LinkedIn
Follow @AlgeriaTechNews on X for daily tech insights Follow on X

Advertisement

Frequently Asked Questions

What does a Chief Information Security Officer earn in Algeria in 2026?

Compensation bands vary with employer and sector. Mid-level security engineers earn DZD 120,000-180,000/month; senior engineers DZD 200,000-280,000; deputy CISOs or CISOs at mid-size public enterprises DZD 280,000-450,000; and CISOs at large banks, ministries or major public enterprises DZD 450,000-700,000+/month, often with executive benefits and foreign-currency retention components at multinationals.

Which certifications does ASSI accept for the CISO mandate?

Decree 26-07 is not specific, but ASSI has signaled alignment with CISSP (ISC2), CISM (ISACA), ISO/IEC 27001 Lead Implementer/Lead Auditor, CEH or OSCP for operational roles, and CCSP for cloud-heavy environments. Most Algerian employers treat CISSP or CISM as the senior-track default.

Do private companies also need to appoint a CISO?

Decrees 20-05 and 26-07 explicitly bind public institutions, but private operators inside the six CII sectors (energy, telecom, water, transportation, financial services, government services) and private CII-adjacent entities (private banks, private clinics with electronic patient records, cloud providers) are being folded in through sectoral rulebooks in 2026-2027.

Sources & Further Reading