Figuring Out ISACA Certifications for Cybersecurity Careers: ③ CRISC
In this third piece of the “Figuring Out ISACA Certifications for Cybersecurity Careers” series, I’m introducing the Certified in Risk and Information Systems Control (CRISC) certificate. You can skip towards the end for more information on prerequisites and the salaries you can earn with CRISC.
ISACA (Information Systems Audit and Control Association®) is one of the world’s leading education and certification centers for IT professions, including cybersecurity. Started in 1967 by a small group of individuals, ISACA has become a “… centralized source of information and guidance in computer systems as well as an education foundation to undertake large-scale research efforts to expand the knowledge and value of the IT governance and control field.” Widely accepted across sectors, ISACA offers a myriad of education programs in addition to its certificates.
Here are eight cybersecurity certificates offered by ISACA, with some of the certifications being cumulative ‘composites’ of several certificates:
- Information Technology Certified Associate (ITCA) (Read about it here)
- Certified Information Systems Auditor (CISA) (Read about it here)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Security Manager (CISM) (Read about it here)
- Certified Data Privacy Solutions Engineer (CDPSE) (Read about it here)
- Certified in Governance of Enterprise IT (CGEIT)
- CSX Cybersecurity Practitioner (CSX-P)
- Certified in Emerging Technology (CET)
Let’s take a look at the third certificate on the list: Certified in Risk and Information Systems Control (CRISC). According to the information provided by ISACA, CRISC is mostly for mid-level IT/IS audit, risk and security professionals looking for career growth in IT risk-related areas. Overall, CRISC is very useful for showcasing expertise in governance best practices and continuous risk monitoring and reporting. This type of expertise is currently in high demand as corporations look to enhance their business resilience and improve stakeholder value, not to mention achieve smoother regulatory compliance.
Having CRISC on your CV will grant immense credibility in your interactions with internal stakeholders, regulators, external auditors, and customers. Unlike ITCA, however, CRISC has an experience requirement. The applicant is expected to have 1–3 years of experience in IT risk and/or security and audit. Also, early-career candidates are required to obtain the IT Risk Fundamentals certificate. Having the CISA certification before starting is considered a plus. Making the effort to get the CRISC is meaningful if you are aiming to become any of the following:
- Chief Information Security or Compliance Officer (Average annual US base salary in 2022: $229,610)
- IS Manager (Average annual US base salary in 2022: $137,359)
- Information Control Manager (Average annual US base salary in 2022: $133,913)
- Risk and Security Manager (Average annual US base salary in 2022: $119,286)
- Operations Manager (Average annual US base salary in 2022: $108,397)
- IS or Business Analyst (Average annual US base salary in 2022: $82,218)
The training for the certificate is completely knowledge-based without any hands-on lab-based training, so the process can be done entirely online. Since mid-career IT professionals can easily get a nice bump up in annual salaries with potential career switches, CRISC is worth pursuing for many of us interested in cybersecurity careers.
Source: History of ISACA, ISACA Credentialing, Glassdoor, Payscale, Indeed
Note: You can read more on ITCA here, CISA here as well as CISM.