Organizations that must adhere to regulations for data security, financial accountability and consumer privacy increasingly find it difficult to do without someone to make sure internal processes are being carried out properly. This is exactly where the need for competent governance, risk, and compliance (GRC) professionals arises. The goal of GRC is to ensure that proper policies and controls are in place to reduce risk, to set up a system of checks and balances to alert personnel when new risks materialize and to manage business processes more efficiently and proactively. All kinds of job roles including CIO, IT security analyst, security engineer or architect, information assurance program manager and senior IT auditor require or benefit from a GRC certification. Read on to learn about some top GRC certifications.
Certified in Risk and Information Systems Control (CRISC)
CRISC from ISACA identifies IT professionals who are responsible for managing IT and enterprise risk and ensuring that risk management goals are met is one of the most sought-after GRC certifications by candidates and employers alike. A CRISC is often heavily involved with overseeing the development, implementation and maintenance of information system (IS) control designed to secure systems and manage risk. ISACA has issued over 20,000 CRISC credentials since 2010, a staggering number in the GRC certification field.
One must pass one exam that covers four domains to earn the CRISC: Domain 1 – IT Risk Identification, Domain 2 – IT Risk Assessment, Domain 3 – Risk Response and Mitigation, and Domain 4 – Risk and Control Monitoring and Reporting. Consisting of 150 questions, the exam takes up to four hours to complete and costs $575 (ISACA members) or $760 (nonmembers). The candidate must prove a minimum of three years of cumulative work experience in IT risk and information systems associated with at least two of the four domains. Additionally, one must adhere to the ISACA Code of Professional Ethics and comply with the CRISC Continuing Education Policy. According to Global Knowledge, CRISC professionals are among the highest paid of all certified professionals, with a median salary of $122,900.