
(ISC)² CGRC

ISC2 governance / risk / compliance cert (formerly CAP). Narrow but credible in federal / regulated markets.

Difficulty: Intermediate
Study: Varies
Exam: Varies
Valid
Reality check

Pursue if: You're in or aimed at federal / regulated GRC. Avoid if: You're outside those markets. CISA or CRISC is broader.

This cert in isolation tells you very little. Here is where it actually sits: the pathways that use it and the roles it realistically supports.

Recommended prior knowledge

  • GRC or risk experience

Common misconceptions

  • It helps with federal/regulated GRC roles. It does not unlock operational security roles.
  • (ISC)² CGRC alone clears HR filters; it doesn't replace shipped, documented work.

What this cert does NOT guarantee

  • Operational security roles

Practical skills that matter

  • Federal/regulated GRC roles
  • Risk analyst shortlists

The serious next step

A cert is a signal. A Career Verdict tells you whether the signal is worth sending.

A Career Verdict tells you whether this cert earns its place on your specific route, what it won't fix, and what to sit before or after it.

Built on POST's practitioner-authored assessment framework, calibrated by James from twenty years across helpdesk, infrastructure and security. Framework is human-authored; the verdict applies it to your inputs.