CRISC demonstrates the ability to identify and evaluate IT risk, and provide insight on that risk from an overall organizational perspective. Standard IT professionals often lack the skills to conduct a valid risk analysis. Having a CRISC-certified individual on staff is vital to ensure risk is properly scrutinized and business objectives are met.
Security manager and director are the most common job roles for CRISC-certified professionals, but a large percentage also work in information security, as security engineers or analysts, or as security architects.
To achieve this certification, you must pass the Certified in Risk and Information Systems Control (CRISC) exam, which consists of four domains:
IT Risk Identification
IT Risk Assessment
Risk Response and Mitigation
Risk Control, Monitoring and Reporting