Earning the CGRC certification is a proven way to build your career and demonstrate your expertise within various risk management frameworks.
The CGRC shows employers you have the advanced technical skills and knowledge to understand Governance, Risk and Compliance (GRC) and can authorize and maintain information systems utilizing various risk management frameworks, as well as best practices, policies and procedures.
Prove your skills, advance your career, and gain support from a community of cybersecurity leaders here to help you throughout your professional journey.
The CGRC is ideal for IT, information security and information assurance practitioners who work in Governance, Risk and Compliance (GRC) roles and have a need to understand, apply and/or implement a risk management program for IT systems within an organization.
Exams
The CGRC exam evaluates your expertise across seven domains. Think of the domains as topics you need to master based on your professional experience and education.
- Domain 1: Information Security Risk Management Program
- Domain 2: Scope of the Information System
- Domain 3: Selection and Approval of Security and Privacy Controls
- Domain 4: Implementation of Security and Privacy Controls
- Domain 5: Assessment/Audit of Security and Privacy Controls
- Domain 6: Authorization/Approval of Information System
- Domain 7: Continuous Monitoring
Once you receive notification that you have successfully passed the exam, you can start the online endorsement process. This process attests that your assertions regarding professional experience are true and that you are in good standing within the cybersecurity industry.