Certifying Risk ProfessionalsISACA Waives Exam for Experienced Pros
In my conversations with leaders and industry experts, I constantly hear risk management as a priority within their organizations, as they are becoming more risk-aware and looking for qualified professionals with hands-on experience to fill this crucial role.
The reason is obvious: The future of managing enterprise risk and implementing effective controls is ultimately in the hands of its practitioners.
The future of managing enterprise risk and implementing effective controls is ultimately in the hands of its practitioners
Responding to this market demand is ISACA, the non-profit security organization that launched the Certified in Risk and Information Systems Control certification for IT risk professionals early this year. I was fortunate to speak with Urs Fischer, chair of the CRISC certification committee, who said:
"CRISC fills a gap that currently exists in the marketplace, as these individuals are seeking a designation that demonstrates a proven ability to design, implement, monitor and maintain effective risk-based information systems controls -- and the main objective for employers is to benefit from the ability to easily identify these professionals."
At present, the CRISC certification program contains a grandfathering provision that basically enables highly experienced IT security and risk professionals to earn the CRISC credential without taking an exam. Under this program, security professionals with eight or more years of IT and business experience can now apply for ISACA's new CRISC designation and get certified by submitting their applications for review based on CRISC's focus areas.
This opportunity is available to qualified professionals until March 2011. The first CRISC exam will be administered in June 2011.
The benefit of getting certified is big, as companies are on the lookout for qualified candidates for this critical responsibility.
"Individuals who have this certification will be extremely valuable to organizations because they can identify and represent the information risks and assist with the development of an information risk profile with the business population," says John Pironti, CRISC, president of IP Architects, LLC.
I am hoping security professionals grab this opportunity to build on their existing credentials and be better prepared for the future.