One who has at least five years of full-time experience doing in at least two of the following domains:
Business Continuity and Disaster Recovery Planning
Information Security and Risk Management
Legal, Regulations, Compliance and Investigations
Physical (Environmental) Security
Security Architecture and Design
Telecommunications and Network Security
However those possessing another certification included in an approved list, they only need four years of experience.