CRISC
ISACA's risk credential. The dedicated counterpart to CISM for risk-coded governance lanes.
ISACA's risk credential. The dedicated counterpart to CISM for risk-coded governance lanes. Pursue if: You sit on or near a risk register today; You're aiming for GRC leadership. Avoid if: You're early-career or pure IC technical.
In context
This cert in isolation tells you very little. Here is where it actually sits. The pathways that use it, and the roles it realistically supports.
Recommended prior knowledge
- 3+ years GRC/audit exposure
Common misconceptions
- It helps with enterprise risk roles. It does not unlock hands-on engineering roles.
- CRISC alone clears HR filters; it doesn't replace shipped, documented work.
What this cert does NOT guarantee
- Hands-on engineering roles
- Detection or IR work
Practical skills that matter
- Enterprise risk roles
- GRC manager interviews
- Audit-leaning consulting
The serious next step
A cert is a signal. A Career Verdict tells you whether the signal is worth sending.
A Career Verdict tells you whether this cert earns its place on your specific route, what it won't fix, and what to sit before or after it.
Built on POST's practitioner-authored assessment framework, calibrated by James from twenty years across helpdesk, infrastructure and security. Framework is human-authored; the verdict applies it to your inputs.