Effective today, the (ISC)² Certified Authorization Professional (CAP) certification is known as the Certified in Governance, Risk and Compliance (CGRC)™. This name better represents the knowledge, skills and abilities required to earn and maintain this certification.
Those who earn and hold the CGRC have the knowledge and skills to integrate governance, performance management, risk management and regulatory compliance within the organization while helping the organization achieve objectives, address uncertainty and act with integrity. CGRC professionals can align IT goals with organizational objectives as they manage cyber risks and meet regulatory needs. They utilize frameworks to integrate security and privacy with the organization’s overall objectives, allowing stakeholders to make informed decisions regarding data security and privacy risks.
If you’re thinking of earning the CGRC, along with passing the exam, you must have a minimum of two years of work experience in one or more of the seven domains of the CGRC Common Body of Knowledge (CBK).
CGRC Exam Domains:
Information Security Risk Management Program
Scope of the Information System
Selection and Approval of Security and Privacy Controls
Implementation of Security and Privacy Controls
Assessment/Audit of Security and Privacy Controls
Authorization/Approval of Information Systems
Continuous Monitoring
The CGRC certification is ideal for information technology, information security and cybersecurity professionals responsible for governance, risk and compliance within an organization. This certification is an option for those who already hold another (ISC)² certification – like the CISSP – who want to demonstrate their expertise in this high-profile specialty.
Professionals in roles such as the following should consider pursuing certification:
Cybersecurity Auditor
Cybersecurity Compliance Officer
GRC Architect or Manager
Cybersecurity Risk & Compliance Project Manager or Analyst
Third-Party or Enterprise Risk Manager
GRC Analyst or Director
System Security Manager or Officer
Information Assurance Manager
The current exam outline and exam domains are not impacted by this name change.
Learn more about the CGRC certification and find out which (ISC)² certification is best for you at: https://www.isc2.org/Certifications.