If you’re in IT, risk management is likely a field you’re well aware of. The Certified in Risk and Information Systems Control® (CRISC®) certification shows that you’re an expert in risk management. 

What is the CRISC certification?

The CRISC certification is the only credential that focuses on enterprise-level IT risk management. Those who hold this certification help improve corporate governance and business resilience, and follow best practices to mitigate risks and threats. ISACA states:

“CRISC validates your experience in building a well-defined, agile risk-management program, based on best practices to identify, analyze, evaluate, assess, prioritize and respond to risks.”

ISACA started offering the CRISC certification in 2017. Since then, more than 30,000 professionals have earned the designation. It ranked as one of the highest-paying IT certifications of 2020, according to the 2020 IT Skills and Salary Report by Global Knowledge.

Who Gets This Certification? 

The CRISC certification is not for beginners. ISACA recommends candidates be mid-career, and be either IT/IS audit or risk and security professionals. Individuals who manage company IT risk and control should look into this certification. Currently, there are over 30,000 certification holders. 

Here are a few other professional titles that could benefit from CRISC: 

  • Risk and Security Manager 
  • Information Systems or Business Analyst 
  • Information Systems Manager 
  • Operations Manager 
  • Information Control Manager 
  • Chief Information Security Officer
  • Compliance Officer

To receive the certification, you have to both pass the certification exam and have relevant work experience. ISACA recommends two prior qualifications for candidates:

  1. IT Risk Fundamentals certificate
  2. CISA certification (a plus before starting)

The average salary in North America for CRISC-certified professionals is $141,172, as reported by Global Knowledge. 

To gain this credential, you must have at least three years of experience in IT risk management and IS control. ISACA verifies this experience before you can receive the certification, even if you pass the exam.

What’s on the exam? 

The CRISC exam is made up of 150 multiple-choice questions; there are no hands-on components like some other ISACA exams have. Four hours are allotted to complete the exam, which covers four main domains:

  1. Governance – 26%
    • Organizational governance
    • Risk governance
  2. IT Risk Assessment – 20%
    • Risk identification
    • Risk analysis & evaluation 
  3. Risk Response & Reporting – 32%
    • Risk response
    • Control design & implementation
    • Risk monitoring & reporting
  4. Information Technology & Security – 22%
    • IT principles 
    • Information security principles 

The full content outline is available from ISACA.

Current registration fees are:

  • ISACA Member: US $575
  • ISACA Non-member: US $760

Why does risk management matter?

One word: hackers. Kidding – kind of. In all seriousness, cybersecurity is an ever-moving target. Any kind of data breach can cost a company millions, put important personal information at risk, and contribute to serious downtime. Security of online transactions and data is paramount, and that’s not going to change.

As online threats become more sophisticated, so too must the measures against them. Risk management professionals with top-notch skills will find themselves more and more in demand.