Big interview coming up, 2hour long, salary 85-110k!

Hey all,
So i connected with a recruiter at the beginning of the week, didn't hear for him in a few days and then yesterday he asked me about my availability for interviews.
Long story short, he has an interview setup for me on Tuesday. I am to meet with the Director,Head of Information Security for 1 hour and following that i will meet with the Director of HR.
Now this position is on the range of 85-110k+ bonus, I'm currently at 70k including bonus. That's the money detail, the important thing about this and what concerns me is that it is not directly an IT operational role or technical role, which I'm familiar with. This position is more of an IT compliance role, audit, policy and procedure creations, yearly or quarterly compliance reviews and the like. Even though i touch on this on a regular basis, I'm not involved directly. Should i be afraid of compliance question?
Also what has me worried a bit is that fact that I'm meeting with 2 people from 2 different departments for 1 hour each.
Last interview i had was almost 3 years ago! How should i approach this? I mean i want the job because it's good money but at the same time i don't want to write reports and policies and compliance stuff for a long time but i do want the experience from it. I don't want to seem that I'm not passionate about the role. I'm a hard working person and I've tackled a lot and moved up in my years in IT, how do i make them see my personality though in an area where my skills are not 100%?
Anyways, just wanted some advise from people that work in IT compliance or similar roles or who have gone on interviews when they lacked some skills.
General interview advice is also appreciated!
thanks!

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

JoJoCal19

I have a lot of experience in policies, procedures, and GRC work. And right now I'm doing a lot of PM and audit work. I will tell you, don't do it for the money. GRC/Audit is "boring" and if you're not into it, you'll end up being miserable and the money may not be worth it. As far as your prep, I would go to the ISACA site and read the COBIT 5 PDFs, and also hit up their whitepaper section and read up on the GRC whitepapers.

Kinet1c

It sounds like you'll be a spreadsheet jockey for most of your time. I know in the last company, the auditors would do checklists and then ask people to comply if they appeared on said checklist. Highly boring if you're technicaly minded. Most likely you'll spend time in a lot of meetings suffering death by powerpoint.

dou2ble

Conducting audits and writing policies can be boring. Depends on your career goals and might be a step that benefits you. Do you enjoy reading and learning theory? In security there's a lot of this. Sometimes I say I get paid mostly for the knowledge in my head because I can consult on the spot and not go to google first. If you're a hand on techie you probably won't enjoy this. But if you'd like to do some security engineering consulting then knowing the policies and how they're audited will help. IMO, there's more opportunity for higher salaries in security. So if you can enjoy it why not go for it! Do the 9-5 to live the 5-9 you desire.

Also, 2 hour interview (1 hr per person) isn't that long. It might be for smaller companies. But I've had anything from 1 hour interviews and then hired, to multiple interviews on different days spanning weeks with each one being 1 to 3 hours before receiving an offer.

anhtran35

Death by PowerPoint comment just made me spill my coffee!!! LOL!!!

Cyberscum

GRC is boring. Good pay but Sllloooooowowwwwwwww work. I have only known one person that liked it and that guy is not me

But if the money is right and you like the work go for it!

TheFORCE

Thanks all! I kinda figured the role might be boring but i am a patient type of person and i think i can endure the boredom a bit and then just go nuts at the gym lol. Anyway, at this point it is only an interview and since it has already been scheduled i will go there and see what it is all about. There are factors in play here that i want to do this. Mainly, my long term goal is to become a manager and have my own team, in order for me to do that i will have to have some good experience to show on my resume. I believe that this is a VP level position since i will be reporting directly to the Head of IT Security, and 2nd even though i have 5 years in IT security, it has been as an analyst. I think that if i was to get this position it would make me more marketable in the future if i have experience both in a technical sense and a documentation creation role. I think the experience from both plus my CISSP will allow me to go for that managerial position when the opportunity arises. Also, i think i have hit a plateau in my current role at the company and learning something new might be a good change for the mind. So, i'll just give it a try, have nothing to lose anyway, for the moment at least.

anhtran35

TheFORCE wrote: »

Thanks all! I kinda figured the role might be boring but i am a patient type of person and i think i can endure the boredom a bit and then just go nuts at the gym lol. Anyway, at this point it is only an interview and since it has already been scheduled i will go there and see what it is all about. There are factors in play here that i want to do this. Mainly, my long term goal is to become a manager and have my own team, in order for me to do that i will have to have some good experience to show on my resume. I believe that this is a VP level position since i will be reporting directly to the Head of IT Security, and 2nd even though i have 5 years in IT security, it has been as an analyst. I think that if i was to get this position it would make me more marketable in the future if i have experience both in a technical sense and a documentation creation role. I think the experience from both plus my CISSP will allow me to go for that managerial position when the opportunity arises. Also, i think i have hit a plateau in my current role at the company and learning something new might be a good change for the mind. So, i'll just give it a try, have nothing to lose anyway, for the moment at least.

Next up? PMP.

TheFORCE

Ok, I'm back again for some advice and still hoping. I was not expecting this but the interview went well, we talked about the position, my background and IT Security in general. Very easy going interview. The IT Head I interviewed for he was also a CISSP so that helped talk about CISSP topics. He asked some questions and I gave him good answers having passed recently.

Anyway, the boss of my recruiter called me over the weekend and basically said i did well and they are expecting to schedule me for a second interview. I got my hopes up and was all excited. Then comes Monday and didnt hear anything, then on Tuesday my recruiter called and he asked me what did i think about the interview? Then he tells me that the IT Head and the HR person I interviewed with thought that i was over qualified for the position and that their concern was that i might not stay for a long period of time! Needless to say all my hopes came crashing down and the only thing i could think of was... why would any company not want to hire someone that is over qualified? Especially in IT security, I beleive that over qualifications are a good thing. If someone is applying for the job that means they are interested.

I connected with the IT head on Linkedin and asked my recruiter if it would be a good idea to follow up with him directly. My recruiter said that if i was to do that he would like to read what i have to say first before sending the message out.
What do you guys think? Have i lost my grip for this role?

pinkydapimp

TheFORCE wrote: »

Ok, I'm back again for some advice and still hoping. I was not expecting this but the interview went well, we talked about the position, my background and IT Security in general. Very easy going interview. The IT Head I interviewed for he was also a CISSP so that helped talk about CISSP topics. He asked some questions and I gave him good answers having passed recently.

Anyway, the boss of my recruiter called me over the weekend and basically said i did well and they are expecting to schedule me for a second interview. I got my hopes up and was all excited. Then comes Monday and didnt hear anything, then on Tuesday my recruiter called and he asked me what did i think about the interview? Then he tells me that the IT Head and the HR person I interviewed with thought that i was over qualified for the position and that their concern was that i might not stay for a long period of time! Needless to say all my hopes came crashing down and the only thing i could think of was... why would any company not want to hire someone that is over qualified? Especially in IT security, I beleive that over qualifications are a good thing. If someone is applying for the job that means they are interested.

I connected with the IT head on Linkedin and asked my recruiter if it would be a good idea to follow up with him directly. My recruiter said that if i was to do that he would like to read what i have to say first before sending the message out.
What do you guys think? Have i lost my grip for this role?

Did you send an initial thank you email? If not, id reach out on linkedin and do so. If you are interested let him know that.

Danielm7

TheFORCE wrote: »

why would any company not want to hire someone that is over qualified? Especially in IT security, I beleive that over qualifications are a good thing. If someone is applying for the job that means they are interested.

Typically because they know that many times people interview that are overqualified because they really need a job and are stuck. Then, since they are overqualified when something that more closely fits their abilities/pay grade they'll jump to it immediately.

Strange though, you said it's a new area of security for you, a huge pay bump, and they are concerned you're overly qualified.

E Double U

TheFORCE wrote: »

why would any company not want to hire someone that is over qualified? Especially in IT security, I believe that over qualifications are a good thing.

I guess the concern about hiring someone that is overqualified is that person can become bored. Someone with less experience will take more time to grow into the position so he/she would stay longer. Plus people like that are easier to mold. People that know their stuff can be harder to train because they feel they already know what they are doing.

Also, people with more qualifications tend to want to be paid higher on the position's pay scale

anhtran35

Sounds like BULL CRAP. There can be many reasons why you didn't get the job. Internal candidate? Already had a friend in mind? Etc...
My attitude is if you don't want me...fine...I'll go elsewhere.

MeanDrunkR2D2

I read "over-qualified" as in they don't think they could get you at the lower end of their salary range and need someone at or even under 85k ideally. They may think that you'll be closer to the 115k mark and figure if they can save 30k by getting someone "less qualified". Basically what they are saying that they like you, but not 115k like you. Or, they have an internal or friend of the hiring manager (Or maybe a family member to a C-level employee that expects them to hire that person for the job) and they may be pressured into going with that person instead of you.

Don't take it personally or dwell on it. They made their decision and I'd just move on and not look back. No matter how nice you may be or well written a reply may be to that guy, it will come off as desperate. There may be a future position with that company and you may not want to potentially burn that bridge by being hurt by their decision by going elsewhere.

I've found many companies will use the over qualified response when they do like the person, but don't like the salary that they would have to offer to get and then keep that employee long term. It's the business way of breaking up with a person and saying "It's not you, it's me".

jibbajabba

BTW., since you technically didn't get the job, I personally don't see a reason why you should have the response proof read by the recruiter. I know he is after his commission, but at this stage he didn't do his job and failed (understanding the requirements and candidate profile).

I would also connect and maybe just send him a message and thank for that opportunity. If this is a job you really want or a company you really want to work for, keep them updated. Maybe even ask him if it is alright to send him an updated CV / Resume in the future.

If the job wasn't that special, just move on.

If he agrees, ask for his email address.

I have the feeling they made their mind up and trying to turn things around could sound desperate.

TheFORCE

Danielm7 wrote: »

Typically because they know that many times people interview that are overqualified because they really need a job and are stuck. Then, since they are overqualified when something that more closely fits their abilities/pay grade they'll jump to it immediately.

Strange though, you said it's a new area of security for you, a huge pay bump, and they are concerned you're overly qualified.

The IT head was the one that initially asked to connect on LinkedIn so i felt that I wouldn't have to send a thank you email, maybe i took it as granted that I was going to get invited a 2nd time. But I might have to follow up for sure.

Daniel, I thought the same thing. My experience is not directly involved with what I would be doing in this position. This role would have been completely new to me but also a role that i could use my past experience. This was an Associate position and I'm coming from just an Analyst role, also I would have been the 2nd in command in terms of IT Compliance and Governance issues, so there was definitely growth opportunities and since it would have been a high level position working closely with the IT Head, I would probably make this company my home.
The funny thing is that even if they had offered me the lower range, I would still go for it, It would still have been a a good 20% jump salary wise for me, my commute would get reduced in half also.

But you guys are right, no reason dwelling about it, I will see if I hear anything back today and then send a message out to them to thank them and maybe plead my case a second time. I just don't understand it, because they told me they needed someone technical and I went there exposing my technical knowledge to the fullest. oh well, we have to keep looking forward i guess.

mjsinhsv

What happened on this? Did you ever hear back from them?

TheFORCE

mjsinhsv wrote: »

What happened on this? Did you ever hear back from them?

No I did not and I didn't make an attempt to contact them either. After the initial pondering of why this and why that, I got over it. I figured if they thought I was over qualified in the 1st round let them get someone that will do a mediocre job I guess. I'm pursuing other opportunities.

robS

Hate it when that happens.

At the end of the interview did you ask the caned question "do you have any concerns about my suitability for the or were there any answers I gave earlier that you'd like me expand on?"

If they said no and still thought you were overqualified then it's not because you're overqualified, they probably found someone better/cheaper and overqualified is a professionally & socially acceptable reason to give.

Good luck with the next one.

TheFORCE

robS wrote: »

Hate it when that happens.

At the end of the interview did you ask the caned question "do you have any concerns about my suitability for the or were there any answers I gave earlier that you'd like me expand on?"

If they said no and still thought you were overqualified then it's not because you're overqualified, they probably found someone better/cheaper and overqualified is a professionally & socially acceptable reason to give.

Good luck with the next one.

I actually did ask them, that exact question or something similar to it. I asked them, "Now that you have interviewed me, seen my resume and have gone over my resume, do you have any concerns about my ability to perform and be productive in this position?" They said, "No concerns at all, everything went great, I will contact the HR rep to call you back for a 2nd round since we still have 2 more candidates to interview" So I was like ok, sounds good to me. Then the next day I added the CIO on LinkedIn and he accepted, at this point I thought maybe he was telling the truth but i guess everyone accepts LinkedIn requests lol.

Thechainremains

this is precisely why i always say.. Generally " Companies.. Employers... couldnt give a RIP about you, you're experience or how much qualifications you have.. "

NEVER vest yourself into a potential-employer beyond pure execution from the moment you arrive early up until you EXIT.. put your best foot forward in everyway you can.. to make the lasting impression and then just MOVE on..

If they dont want you.. they dont want you.. it's JUST that simple.

thehayn1

EXCATLY what Thechainremains said, it's like buying a house, remove ALL emotion and don't be invested in the companies you're applying at. Fire out the shots and what hits, hits... if not, press on

Kinet1c

Completely agree with the above. It's a potential business transaction whereby both parties want to extract as much value as possible.