CISA or CRISC
For those of you who have CISA and CRISC, is there one cert of those two that has helped your career more? Ultimately, I may end up pursuing both CISA and CRISC but need to choose one to start with. I'd like to go with the one that adds the most value.
When searching for jobs on Indeed.com across the entire USA, I see there about 6 times as many positions listing CISA vs CRISC. But I hear from people that CRISC is the up and coming cert and more prestigious. Is that right or just talk from people who have it?
Also, the official book from ISACA for the CRISC is only 204 pages and is $110 on Amazon. The McGraw Hill All in One Guide is 576 pages and is only $27. That's a big disparity. Which did you use?
For background, I've worked in IT\information security for about 19 years and earned the CISSP three years ago. I also have some vendor certs. In my information technology\security work, I do about an equal amount of sysadmin work, IT security auditing and risk management, specifically the U.S. government's Risk Management Framework, RMF.
Thanks in advance.
When searching for jobs on Indeed.com across the entire USA, I see there about 6 times as many positions listing CISA vs CRISC. But I hear from people that CRISC is the up and coming cert and more prestigious. Is that right or just talk from people who have it?
Also, the official book from ISACA for the CRISC is only 204 pages and is $110 on Amazon. The McGraw Hill All in One Guide is 576 pages and is only $27. That's a big disparity. Which did you use?
For background, I've worked in IT\information security for about 19 years and earned the CISSP three years ago. I also have some vendor certs. In my information technology\security work, I do about an equal amount of sysadmin work, IT security auditing and risk management, specifically the U.S. government's Risk Management Framework, RMF.
Thanks in advance.
Comments
-
FSF150 Member Posts: 119 ■■■□□□□□□□Are you doing/looking for more audit or risk management work? I did CISA before CRISC, and think both have added value, but CISA is probably the more widely known of the two.
Having CISSP already will also probably get you any interview for a CISA or CRISC listed job too (assumption on my part).
ETA: I believe the "average listed salary" for CRISC is also a bit higher than CISA, but my suspicion would be that's there's simply more senior risk managers getting that for credibility.First we drink the coffee. Then we do the things. -
chapter Member Posts: 14 ■■□□□□□□□□I did CRISC - I do not think it carries any weight to be honest....at least when compared to CISA. If take a look at the job market there are more requirements for CISSP, CISM & CISA ... having said that, the market is dynamic ...12 months from now things can change ..
With CISA you can work for the Big 4 ... more options....
I am looking at TOGAF or the CREST certs /OSCP .... those are my next targets -
scasc Member Posts: 465 ■■■■■■■□□□I have CISM/CISA and CRISC and for all of them I only used the Q&A book to understand the concepts. I have found that the CISA is asked more. However if you want to gain knowledge specifically around the risk lifecycle/risk management processes then the CRISC is good to do. However if its more for which one has more recognition then I feel its CISA.
Hope this helps.AWS, Azure, GCP, ISC2, GIAC, ISACA, TOGAF, SABSA, EC-Council, Comptia...