Anyone interested in a career in risk assessment, or in becoming a CISO, CIO, CFO, security director, chief compliance officer, risk manager or privacy officer, should check out the CRISC certification.
CRISC Certification, Risk and Information Systems Control
More than 25,000 people, since 2010, have earned the Certified in Risk and Information Systems Control (CRISC) credential. This certification identifies IT professionals who are responsible for implementing enterprise-wide information risk management programs. CRISC is the certification that prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.
The CRISC program was designed for IT professionals, and its job practice domains, knowledge and supporting CRISC tasks are as follows:
- Domain 1 – Risk identification (27 percent)
- Domain 2 – Risk assessment (28 percent)
- Domain 3 – Risk response and mitigation (23 percent)
- Domain 4 – Risk and control monitoring and reporting (22 percent)
To achieve the CRISC certification, candidates must pass a 150-question exam, provide proof of work experience and complete the application. You must have at least three years of cumulative work experience performing the tasks of a CRISC professional across at least two of the four CRISC domains. Of these two required domains, one must be either Domain 1 or Domain 2.
Unlike with other ISACA certifications, you can’t substitute education or other certifications for the work experience requirement, but ISACA gives you up to 10 years to gain experience after applying for certification or five years from the date you passed the exam.