Welcome @AlanSimonin; good question.
Another parallel question to this, on my way of thinking, is to ask: "What kind of jobs in IT Security are there?". Honestly I could not tell you all, but my approach to entering the industry (I am at an entry level too) was:
I tried to find out what types of jobs there were at an entry level and compare/contrast them to my skills, my liking and how I could get there: Junior Penetration Testing and Security Analyst, for instance. Then, once I had compiled a (very) small list of entry level IT Security Jobs, I looked at my background.
Then, I also considered the type of business (Financial institutions, Security Consultancy, etc).
For a Security Analyst for example, my view is that in some cases you only need a Computing Degree and be able to prove on your CV or Covering Letter that you do have a very keen interest in Security. How do you prove it? By demonstrating participation in blogs, or having your own website, or by publishing papers on researches you do. These researches do not necessarily need to be original, or revolutionary, but consistent in showing that you are capable of organizing your thoughts and having a good structure to present it.
I am currently working in IT Security Management for a financial institution; answering your question, what it is like working there? First of all, it is great. I love my job, the hours are flexible, I have the option to work from home, and my Team is small but a bunch of really nice and helpful people. A lot of what I do is related to creating and improving process for handling incident response, Firewall Access Requests, DDoS, Vulnerability Management, liaising pentesting with projects to come, log analysis, etc. So it is pretty much an IT management role with almost all of its focus on Security: I love it. I spend a lot of time exchanging e-mails and using Word and Excel (...world is not perfect). Another thing I do is being a member of our CAB (Change Advisory Board, which if a project needs to implement any changes within the infrastructure, the project manager has to go through approval from the CAB's members). I also have some technical stuff too, but that is for me to support the management of wider scope. I get paid very well considering this is an entry level job. I also get extra money for working OnCall.
In terms of certifications to take, don't go too crazy on them. Specially because they are very expensive and whenever you start joining companies, they will likely invest on you and pay for your training and certifications as it happened to me already. Do you have a stronger coding or networking background?
Answering your next question, whether this is an academic matter? Good question, actually very good one: The Degree is your foot on the door. It helps you getting your first job; your following jobs will be based primarily on your experience and prestige within the Security community. To be honest, in terms of what I learnt at University, I am using very little at work. Most of the things I am using at work came from my own independent curiosity in learning. Let's put it this way: suppose you know someone important in a security company that knows your way of thinking, your moral integrity and acknowledges your passion for security. It is very likely that - if this person is really open-minded about security - will give you a Security Analyst job even though you might not have a Degree. A Degree in my opinion is a way a future employer has to know that you (as someone this employer does not know) have spent enough time to prove that you really enjoy your area of study: it does not prove knowledge or experience; other than that, I believe Security Degrees are pretty useless. The same applies for certifications. I have worked with highly skilled pentesters that don't even have a Degree! I swear. But of course, if you want credibility you got to have a couple of certificates under your sleeve.
Finally, just to throw an idea back at you, if you do not have a very strong technical background, but enjoys the Security way of thinking, do some researches in anti-fraud and e-crime prevention within financial institutions: they don't pay as much as the security in IT, but there has been a new trend of merging those two disciplines together (i.e. anti-fraud and IT). Perhaps by getting into one, you could use it as a way of sneaking into the other as someone I know has done already. (Apologies for being so prolix)