isaca crisc, crisc, crisc training, crisc certification, Certified in Risk and Information Systems Control Professional training, Certified in Risk and Information Systems Control Professional certification
Risky business used to be a Tom Cruise movie from the ’80s, but in 2017 it’s a pretty fair description of the just about any commercial endeavor. This is particularly true in the IT industry, where even the companies that consult about IT security sometimes get hacked. Anyone feeling great about Deloitte’s data protection consulting services this week?
When it comes to IT risk management, one certification stands out above the rest. The Certified in Risk and Information Systems Control (CRISC) credential offered by ISACA is your must-have qualification, and it’s also a perennial staple of our Salary Survey 75 list, checking in this year at No. 17.
ISACA has numerous international chapters, but most of the certified professionals who responded to the survey — 75 percent of them, to be precise — live and work in the United States. The others checked in from 18 different countries around the globe: Australia, Bermuda, Canada, China, Denmark, Germany, Jamaica, Malta, Mexico, Netherlands, Norway, Pakistan, Peru, Romania, Spain, Switzerland, Trinidad and Tobago, and the United Kingdom. It’s good to be CRISC-certified in the United States, where credential holders enjoyed an average annual salary of $131,310 in 2016, with a median annual salary of $131,150. The numbers are pretty good elsewhere, however, with an average annual salary of $110,680 among all non-U.S. credential holders, and a median figure of $103, 750.
Most of the CRISC holders who responded to the survey are men (89.5 percent), though double-digit representation by women, who accounted for 10.5 percent of all respondents, is a rare and notable accomplishment. CRISC certification definitely skews older, with just 23.3 percent of those surveyed younger than 45, including 20 percent between the ages of 35 and 44. The largest single group of respondents are in the age 45 to 54 bracket (39.5 percent of those surveyed), with an additional 29.1 percent between the ages of 55 and 64, and 8.1 percent ripe to retire between the ages of 65 and 74.
The highest level of education attained by most CRISC holders is either a master’s degree (50.8 percent of those surveyed) or bachelor’s degree (28.2 percent), with a smattering of doctorates (4 percent) and professional degrees (1.6 percent). There is some room for aspiring CRISC-certified professionals without a university degree: 4 percent of respondents didn’t go any higher than an associate’s (two-year) degree, while 5.6 percent completed technical training (but never completed college), and 4.8 percent entered the workforce with nothing but a high school diploma.
Employment among CRISC holders is excellent, with 95.1 percent of respondents employed full-time, versus just 3.2 percent who are currently looking for work (plus a smidge who are either on sabbatical or employed part-time). Among those who have jobs, most are at least somewhat overworked, with 50 percent at the office for between 41 and 50 hours per week, and an additional 10.4 percent logging more than 50 hours per week. Only 27.4 percent of those surveyed have a standard 40-hour work week, with the rest adhering to a schedule of 39 or fewer hours per week.
If have a CRISC credential, then there’s an excellent chance that you have a management-level job or better. Nearly 60 percent of CRISC holders in the survey are either managers (12.1 percent of those surveyed), senior managers (21.8 percent), directors (15.3 percent) or executives (10.5 percent). Looking up from below are the 30.7 percent of respondents who are senior specialists, along with a handful of specialists (7.2 percent) and rank-and-file employees (2.4 percent).
Most CRISC holders, it would seem, are IT veterans. Fewer than one-third of respondents have worked in a role that directly utilizes one or more of their certified skills for either between 3 and 5 years ( 8.9 percent of those surveyed), between 6 and 8 years (7.3 percent), or between 9 and 10 years (11.3 percent). The remaining 72.5 percent of respondents have been plying their certified skills for more than a decade.
Finally, here’s the view of CRISC holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 54.8 percent
Several times a week: 25.8 percent
Several times a month: 11.3 percent
Occasionally: 7.3 percent
Rarely: 0.8 percent
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 50.8 percent
Agree: 33.1 percent
Neither Agree nor Disagree: 14.5 percent
Disagree: 0.8 percent
Strongly Disagree: 0.8 percent
Becoming certified has increased my problem-solving skills.
Strongly agree: 28.2 percent
Agree: 38.7 percent
Neither Agree nor Disagree: 23.4 percent
Disagree: 8.1 percent
Strongly Disagree: 1.6 percent
Becoming certified has increased my workplace productivity.
Strongly agree: 24.2 percent
Agree: 39.5 percent
Neither Agree nor Disagree: 29 percent
Disagree: 5.6 percent
Strongly Disagree: 1.6 percent
isaca crisc, cissp, cissp training, cissp certification, Certified Information Systems Security Professional training, Certified Information Systems Security Professional certification
- Certified in Risk and Information Systems Control (CRISC)
- ISO 27005 Risk Manager
- ISO 27005 Risk Manager with an Introduction to the Methodologies of Risk Management
- ISO 31000 Risk Manager
(2017). Salary Survey Extra: Deep Focus on ISACA CRISC. Recovered on 4 October 2017, from http://certmag.com/salary-survey-extra-deep-focus-isaca-crisc/