Career Insights with Upasana Gupta

Certifying Risk Professionals

ISACA Waives Exam for Experienced Pros

I get excited when I hear about education and training opportunities for IT security practitioners, especially in fields such as risk management, which is strategically shaping and defining the profession and its future.

In my conversations with leaders and industry experts, I constantly hear risk management cited as a priority within their organizations, as they are becoming more risk-aware and looking for qualified professionals with hands-on experience to fill this crucial role.

The reason is obvious: The future of managing enterprise risk and implementing effective controls is ultimately in the hands of its practitioners.

Responding to this market demand is ISACA, the non-profit security organization that launched the Certified in Risk and Information Systems Control certification for IT risk professionals early this year. I was fortunate to speak with Urs Fischer, chair of the CRISC certification committee, who said:

"CRISC fills a gap that currently exists in the marketplace, as these individuals are seeking a designation that demonstrates a proven ability to design, implement, monitor and maintain effective risk-based information systems controls -- and the main objective for employers is to benefit from the ability to easily identify these professionals."

At present, the CRISC certification program contains a grandfathering provision that basically enables highly experienced IT security and risk professionals to earn the CRISC credential without taking an exam. Under this program, security professionals with eight or more years of IT and business experience can now apply for ISACA's new CRISC designation and get certified by submitting their applications for review based on CRISC's focus areas.

This opportunity is available to qualified professionals until March 2011. The first CRISC exam will be administered in June 2011.

The benefit of getting certified is big, as companies are on the lookout for qualified candidates for this critical responsibility.

"Individuals who have this certification will be extremely valuable to organizations because they can identify and represent the information risks and assist with the development of an information risk profile with the business population," says John Pironti, CRISC, president of IP Architects, LLC.

I am hoping security professionals grab this opportunity to build on their existing credentials and be better prepared for the future.

About the Author

Upasana Gupta

Contributing Editor, CareersInfoSecurity

Upasana Gupta oversees CareersInfoSecurity and shepherds career and leadership coverage for all Information Security Media Group's media properties. She regularly writes on career topics and speaks to senior executives on a wide range of subjects, including security leadership, privacy, risk management, application security and fraud. She also helps produce podcasts and is instrumental in the global expansion of ISMG websites by recruiting international information security and risk experts to contribute content, including blogs. Upasana previously served as a resource manager focusing on hiring, recruiting and human resources at Icons Inc., an IT security advisory firm affiliated with ISMG. She holds an MBA in human resources from Maharishi University of Management, Fairfield, Iowa.
