The top 6 governance, risk and compliance certifications

In-demand governance, risk and compliance (GRC) certifications

In the wake of several well-publicized corporate scandals about 15 years ago – Enron and WorldCom, to name two – and the passage of the Sarbanes-Oxley Act in 2002, organizations that must adhere to regulations for data security, financial accountability and consumer privacy can’t do without someone making sure internal processes are being carried out properly. Enter the need for competent governance, risk and compliance (GRC) professionals.

The goal of GRC, in general, is to ensure that proper policies and controls are in place to reduce risk, to set up a system of checks and balances to alert personnel when new risks materialize and to manage business processes more efficiently and proactively. Professionals with a GRC certification must juggle stakeholder expectations with business objectives, and ensure that organizational objectives are met while meeting compliance requirements. That’s an incredible amount of responsibility, and is absolutely necessary in today’s business climate.

All kinds of job roles require or benefit from a GRC certification, such as chief information officer, IT security analyst, security engineer architect, information assurance program manager and senior IT auditor, among others.

Read on to learn about our top six picks for GRC certifications.

1. Certified in Risk and Information Systems Control (CRISC)

One of the most sought-after GRC certifications by candidates and employers alike is the CRISC from ISACA, which identifies IT professionals who are responsible for managing IT and enterprise risk and ensuring that risk management goals are met. A CRISC is often heavily involved with overseeing the development, implementation and maintenance of information system (IS) controls designed to secure systems and manage risk. Since 2010, ISACA has issued over 18,000 CRISC credentials, which is a relatively high number in the GRC certification field.

The CRISC exam covers four domains: Risk Identification (Domain 1), Risk Assessment (Domain 2), Risk Response and Mitigation (Domain 3) and Risk and Control Monitoring and Reporting (Domain 4).

Requirements: Pass one exam (150 questions, four hours), prove a minimum of three years of cumulative work experience in IT risk and information systems associated with at least two of the four domains, adhere to the ISACA Code of Professional Ethics and comply with the CRISC Continuing Education Policy.

Exam cost: $440 to $675, depending on whether you are an ISACA member and when you register.