Effective today, the ISC2 Certified Authorization Professional (CAP) certification is known as the Certified in Governance, Risk and Compliance (CGRC). This name better represents the knowledge, skills and abilities required to earn and maintain this certification.
Those who earn and hold the CGRC have the knowledge and skills to integrate governance, performance management, risk management and regulatory compliance within the organization while helping the organization achieve objectives, address uncertainty and act with integrity. CGRC professionals can align IT goals with organizational objectives as they manage cyber risks and achieve regulatory needs. They utilize frameworks to integrate security and privacy with the organization’s overall objectives, allowing stakeholders to make informed decisions regarding data security and privacy risks.
If you’re thinking of earning the CGRC, along with passing the exam, you must have a minimum of two years of work experience in one or more of the seven domains of the CGRC Common Body of Knowledge (CBK).
CGRC Exam Domains:
- Information Security Risk Management Program
- Scope of the Information System
- Selection and Approval of Security and Privacy Controls
- Implementation of Security and Privacy Controls
- Assessment/Audit of Security and Privacy Controls
- Authorization/Approval of Information Systems
- Continuous Monitoring
The CGRC certification is ideal for information technology, information security and cybersecurity professionals responsible for governance, risk and compliance within an organization. This certification is an option for those who already hold another ISC2 certification – like the CISSP – who want to demonstrate their expertise in this high-profile specialty.
Professionals should consider pursing certification who are in roles such as:
- Cybersecurity Auditor
- Cybersecurity Compliance Officer
- GRC Architect or Manager
- Cybersecurity Risk & Compliance Project Manager or Analyst
- Third –Party or Enterprise Risk Manager
- GRC Analyst or Director
- System Security Manager or Officer
- Information Assurance Manager
The current exam outline and exam domains are not impacted by this name change.
Learn more about the CGRC certification and find out which ISC2 certification is best for you at: https://www.isc2.org/Certifications .