It\u2019s a good time to be a CISO. In a market where analysts say there are over 1 million unfilled job openings, and with demand expected to rise to 6 million globally by 2019 -- according to the Palo Alto Research Center, if you do a good job other opportunities are sure to follow.Indeed, such is the market, that - as we reported last year, even poor performing CISOs, dismissed from previous jobs, get handed new opportunities time and time again.The average CISO lasts approximately 17 months - and significantly less for those heads of information security at firms that have been breached. It\u2019s no coincidence, such is the volatility of the job market, that many CISOs have jumped from permanent to CISO-as-a-service opportunities.Darren Argyle, recently appointed CISO at Australian airline Qantas and formerly of both IBM and Symantec, knows what differentiates the good from the bad.\u201cAn attractive CISO role is one that has a mandate from the board, with a commitment to benchmark and mature the capability,\u201d he told CSO Online. \u201c[The CISO also needs] clear accountability for overall strategy, program transformation and associated budget dedicated to cyber-security. [You also need] recognition from the executive that information security is a business problem.\u201dAndrew Hay, former CISO at storage start-up DataGravity and director of research at OpenDNS, says: \u201cI'm a builder, so a CISO role that lets me create or grow a security program is far more important to me than a higher salary and the babysitting of an existing program. Personally, I need to be stimulated and busy to add the most value to a business.\u201dQuentyn Taylor also knows a good job when he sees one - after all, the Canon EMEA director of information security has been in his for over 15 years.\u201cA good long term CISO job is one that is varied and interesting -- too many CISOs roles seem to focus on going into a brownfields site and fixing it. \u201cThis forgets that there are two different role profiles here; a short term problem-fixer and a long term role developer. The ideal job shouldn't be exclusively either but a mix of the two. Provision should also be made that the CISO should be able to mold the role into what they think is required (within reason) -- too many roles seem to be pure reactive roles. \u201cThe ideal long-term sustainable role is one where the CISO can make the role their own, be part of the business and help the organization grow in harmony with infosec."Avoiding the bad jobFor all of this, there\u2019s no doubting that there are plenty of \u2018bad\u2019 CISO jobs out there too. As some CISOs describe, you need to watch out for \u201cbabysitting\u201d CISO jobs, first-ever CISO jobs with little support from the business, and those jobs with weak CIOs (indeed, some would say you want to avoid jobs where you report to the CIO anyway, although there are ways of working better together with CIOs).Some say you also need to be wary of skills required as CISOs shift away from purely operational, deploying and managing security solutions and policies, to liaising closer with senior management on baking in security as a strategic enabler. Some have warned of breached firms but this can actually work to your benefit -- the first-ever CISO at UK broadband provider TalkTalk has reported been given \u201cfree reign\u201d to tighten up security following the firm\u2019s data breach in 2015.\u201cI've seen an increasing number of CISO roles, especially at vendor companies, that are CISO in title only,\u201d warns Hay. \u201cThis is often a marketing or business development role where the CISO title is used as collateral for opening doors to prospects, existing customers, press outlets, and conferences. Make sure you know what the role actually is and go in with your eyes open.\u201dFinding a good job can be difficult. A glance at LinkedIn and you\u2019ll find some security professionals discussing the limitations of recruiters, shall we say, from putting forward poor job opportunities to not truly understanding the applicant\u2019s background or level of expertise.Karla Jobbing, CEO of UK-based cyber-security recruitment agency BeecherMadden, says CISOs should \u201cconsider what excites you in a role and weigh that up against the opportunity\u201d.\u201cThere are more roles available now where you will not be the first CISO in place; for many this stage is exciting while some still want a greenfield site.\u201cBe careful of the roles where the brief does not seem clear. This is typically a sign of a company that is not sure about what they want. This is going to make it harder to succeed, or at best, it will be a long recruitment process where you need to be involved in refining the job description.\u201dWorking with recruitersSo, how should CISOs work with recruiters?\u201cCISOs need to be selective in their recruiter, ideally using a specialist in the sector, and then working discreetly with just one or two,\u201d says Jobbing. \u201cCISOs are in demand, and recruiters are aware that you receive many approaches daily. However, sending a stock response to all of them isn\u2019t going to get you very far.\u201cYou get out of this relationship what you put in so take time to meet your chosen recruiter and work closely with them on your target employers.\u201dArgyle adds: \u201cTake the calls from recruiters, you'll need them one day, you'll quickly weed out the good and bad. Be clear with them about you're looking for in terms of location of work and salary expectations, regardless of what you may already be on.\u201dHay agrees, adding CISOs must look at the wider picture: \u201cMake it clear the type of role you're looking for. Also, never settle for a role based on compensation or title. You need to find the job that best fits your career aspirations and individual needs.\u201dFinding the right job? Decide what\u2019s most importantHay believes CISOs can find the best job by taking it back to the basics.\u201cI know it might sound trite, but I always tell people to figure out what it is they want to "be when they grow up". Do you want to build? Do you want to maintain? Is being locked away in an office better for you or would you rather be a traveling CISO?\u201cAlso, something that is often overlooked, is asking "What's best for me, my family, and my work\/life balance?" Pick what works best for you and the ones you care about.\u201d\u201cFirstly, get a mentor, then start making your personal brand shine by sharpening up your CV or LinkedIn, ask for recommendations, write articles you're passionate about,\u201d says Argyle. \u201cAsk around for the good head-hunters and gauge the market.\u201dAnd in terms of getting that dream job, Jobling says that CISOs need to, much like their CIO counterparts, demonstrate embedding technology into business objectives.\u201cMake sure you are focused on building relationships with the business and making cyber into a business issue. This is especially important for the top-paying roles at the moment.\u201cIf you have ideas on how cyber can be involved with sales or customers, get this across. Also, ask a lot of questions about the role and expectations -- cyber is still new for companies, even if you are not their first CISO. You need to make sure that the role is shaped exactly how you expect, and how you want it to be.\u201dHow would you find the perfect job? Head to Facebook to let us know.