CISA and CRISC marketability

j33perj33per Member Posts: 28 ■□□□□□□□□□
Considering scheduling the CRISA as I wish to move to security/audit/risk/governance roles and experience... I have passed the CISA (pending approval still).

Looking for input from others - As most job listings I see mention CISSP, CISA, CISM with fewer having CRISC.

Does the CRISC cert light up any talent filters and help get you noticed?

For what it's worth I do have some security/audit and risk management experience to refer to.

At least for today I am motivated to go for the CRISA and CISSP icon_lol.gif


  • j33perj33per Member Posts: 28 ■□□□□□□□□□
    Lots of views but no action, so here is my own answer after some research... LOL
    I registered for the June CRISC exam. Here is why:
    1) Several web sites have the CRISC as a "top pay" cert for 2014.
    2) Indeed has a nice average salary search by US or location. (The results were attractive.)
    3) Got a heads up I am in the running for a related position at my current employer. (CISA & CRISC skillsets)
    4) Some nice leads for external options as well. (CISA & CRISC skillsets)

    Interestingly the CRISC cert returned a higher average salary than the CISSP cert. I would have expected the opposite, however, I believe the laws of supply & demand are boosting the CRISC at present.
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    Good luck on the CRISC. From my own experience, ISACA certifications are usually held by people that are already well compensated. The sites that may have listed the CRISC as top pay - for example - may be basing salaries from a survey that I vaguely recall ISACA conducted. Pretty much everyone that I know including myself took the CRISC more out of curiosity than for marketability purposes.

    Just my 2 cents - but I suspect that the causality is reversed - people with higher average salaries are more likely to be interested in sitting for ISACA certs like CRISC, CISM, and CGEIT as oppose to those certifications causing the higher average salaries.
  • j33perj33per Member Posts: 28 ■□□□□□□□□□
    paul78 - thanks for the input - I would agree with your assessment on CISM & CGEIT.

    There seems to be thin information (job market datawise) on the CRISC side... I simply contributed what I found.

    I am looking to add to my CISA (cert pending) - and in no way am I stating that obtaining ANY cert will magically open the door to a certain salary.

    Otherwise, CRISC domain topics seem to fit my current career tradjectory goals... time will tell
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    The CRISC is a pretty new certification which is probably why you aren't finding much on it. I found the CRISC material to be a bit immature. I would be very interested in your experience to see if the newer updates are better. Good luck in your studies.
  • TeKniquesTeKniques OSCE, OSCP, CISSP, CISA, SSCP, MCSE (03), Security+, Network+, A+, Project+ Member Posts: 1,262 ■■■■□□□□□□
    CISA and CRISC are a good combination if you're interested in IT audit/compliance/governance. During the course of an IT audit a risk assessment is pretty standard so the skills will definitely help you. Do not discount the CISSP as the material does cover quite a bit that CISA and CRISC does not that you will run into in the field. I would definitely put it on your list if you meet the experience requirements.
  • packetlogpacketlog Member Posts: 24 ■□□□□□□□□□
    Hi Paul,
    Yes, CRISC Review Manual 2014 is still immature. I hope they can improve it in next iteration.

    How about CRISC experience. Who qualifies? Can network administrators, system administrators qualify?
  • GoodBishopGoodBishop Member Posts: 359 ■■■■□□□□□□
    I agree with paul78 - while you might see the CRISC near the top of IT certification compensation charts - 15 Top-Paying Certifications for 2014 - most of the time these folks have been in IT for a long time, and are already well compensated.

    There does seem to be a strong demand for IT risk professionals in the market, and not enough supply, so that is probably part of the reason why it is so high on the salary charts.
  • wikigetwikiget Member Posts: 75 ■■□□□□□□□□
    ITIL foundation is higher on the list then I TIL expert.
    "Once upon a time, disks were floppy, administrators were electricians and computers were louder then jets. Then it all got complicated." -Anon

    Life of a Network Security Manager:
  • colemiccolemic Member Posts: 1,568 ■■■■■■■□□□
    I simply do not get where they are getting their information from. The *average* salary for a CISSP is 114K? Dare to dream. I have found that in the private sector, location matters more than anything else in regards to average pay. If you live other than the right or left coasts, your pay will be much, much lower than the average. I live in a town of 120K people, make a LOT less than the average pay for the 25th ranked cert, and I make substantially more than the average Joe in town, in ANY field. That's with a Master's degree, CISA, CISSP, CEH, CHFI, MCSE, ITIL Foundations, Net+, Sec+, CCENT, and GIAC 2700. And I'm OK with that, I am certainly not complaining... I just can't see where they get their numbers from. A CEH making 103K? Not with that cert alone... and maybe that isn't accounted for, that most of these certs aren't stand-alone.
    Working on: CCSP, definitely, maybe. On the twitters: @mcole1008
  • zxbanezxbane Member Posts: 740 ■■■■□□□□□□
    The list is certainly interesting to say the least.. It lists the average salary is 83k for a CCNA. I think a quick look in the salary thread would show how ridiculous that is.
Sign In or Register to comment.