It's a good idea to have at least somewhat of an understanding. If you don't understand how security risks are made, it's more difficult (IMO) to defend against them.
Networking would also be important.
Programming specifically no - but you need to understand code to be good in IT security. Reason being aside from physical security most of the IT threats come from malware, virus's, trojans, ect. To have a firm grasp of what a specific set of codes / scripts does you need to understand the construct of programming in general. Do you need to be a C++, java or visual basic guru - no.
Also to get into security unless it's a NOC or some other type of Security Engineer you aren't going to see a ton of responsibility bestowed upon you until you have some experience. During that time you'll learn what to look for, what to stay up on and how to expand your skillsets.
I'm not a security engineer, but from what i've seen out of ours a lot of it is staying on top of current threats and ensuring your company is in the best position to not be infected, and if infected mitigate the threat. The hardest piece of security that in my opinion is educating your consumer base.
Well starting off a company unless extremely small generally won't hire someone for a security specific position with no experience. Generally speaking, security positions entry level will be a NOC or something similar. A lot of people i talk to that hold security jobs did not start off in security, they were a network engineer or system administrator and slowly moved into security.
So your first IT job probably won't necessarily be security related, but you will gain valuable experience that will net you a security job in the future.