CISM Employment Requirements

jechrinjechrin Registered Users Posts: 1 ■□□□□□□□□□
I passed the CISM exam back in April 2013, I am new to the Security field, but have had plenty of years experience as a external auditor doing financial audits. I have been working as a IT Audit Consultant for the past year (Sept 2012 - Nov 2013), I am now a IT GRC Consultant for a new company. I was heavily involved in all aspects of security with my role as an IT Audit Consultant for my old company, and now act as a consultant (developing, automating, administering) to a GRC Product (Similar to RSA Archer/Modulo). I was wondering if this experience as a consultant can be applied to the information security management section for the work requirement to be a CISM? I have an graduate degree in MIS, so all I need now would be one more year in consulting in order for me to have my certification if I could apply that experience to the information security part of the CISM work experience.

Part 3.) of the CISM Requirements mention Security employment requirements:

Three (3) of the five (5) years of work experience must be gained performing the role of an information security manager. In addition, this work experience must be broad and gained in three of the four job practice areas (see reverse side of Verification of Work Experience form). The management portion of this experience must be earned while in an information security management position with responsibility for information security management programs or processes, or while working as an information security management consultant (where the CISM candidate has been actively engaged in the development and/or management of information security programs or processes for the client organization(s).



  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Welcome to the TE forums. Your best bet is to contact ISACA. They are actually quite helpful. The description of your experience implies that you are pretty darn close to fulfilling the experience requirements for a CISM. But ultimately, it's up to ISACA to decide if you meet the requirements. Good luck.
Sign In or Register to comment.