ISC2 launches self-paced AI-based adaptive training exploring the subject matter within the ISC2 CGRC certification exam outline to upskill professionals

Alexandria, Va., June 17, 2024 ISC2 – the world’s leading nonprofit member organization for cybersecurity professionals – today announced the launch of Certified Governance Risk and Compliance (CGRC) Self-Paced Training designed with a personalized, adaptative learning experience to guide the participants along pathways tailored to their individual needs based on prior knowledge, learning speed and confidence levels. The CGRC credential recognizes that those who earn it have the knowledge, skills and ability in how to integrate governance, performance management, risk management and regulatory compliance within organizations.

In the most recent ISC2 Cybersecurity Workforce Study, respondents ranked GRC second (35%), behind only cloud computing security, when it came to skills that are most in-demand for security professionals who are looking to advance their careers through new jobs and promotions.  

The global need for cybersecurity professionals with GRC skills and expertise is increasing as the era of data privacy regulations continues. Kicking off with the European Union’s General Data Protection Regulation, enacted in 2018, the World Economic Forum has predicted that by the end of 2025, three-quarters of the world’s population will be covered by data privacy laws.

“Governance, Risk and Compliance are critical elements of any quality cybersecurity program, and ISC2 is dedicated to providing the most relevant and up-to-date training available for professionals looking to up-skill in this area,” said Clar Rosso, CEO at ISC2. “Alongside the numerous existing global frameworks, we are watching as governing bodies around the world are working to quickly review, develop and implement new policies around emerging technology such as AI as well as data privacy. As these regulations take effect, there will be more opportunities for cybersecurity professionals to engage with GRC, however at the same time, it presents both new challenges and opportunities for the profession. Our training bridges that gap and provides reassurance that cyber professionals are prepared for the next wave of regulation.”

The Online Self-Paced Training for the CGRC adaptive learning course leverages AI to guide learners along pathways tailored to their individual needs based on prior knowledge, learning speed and confidence levels. The course, which is aligned to the latest version of the exam, also includes interactive study materials, robust search functionality to home in on topics, analytics dashboards to track learner progress, email support in lieu of instructor and 24/7 course availability. Additionally, for those looking for more instructor guidance, the CGRC Online Instructor-Led Training has also been refreshed to align with the updated exam content.

Updates to CGRC Exam

Effective June 15, 2024, the CGRC examination is based on an updated exam outline. This update is the result of the Job Task Analysis (JTA), which is an analysis of the knowledge, skills and abilities of the credential evaluated by ISC2 members on a triennial cycle. ISC2 maintains the relevancy of its credentials through this rigorous and methodical process, which ensures that the examinations, and subsequent continuing professional education requirements, encompass the topic areas relevant to the roles and responsibilities of today's practicing cybersecurity professionals with the knowledge, skills and abilities to lead an organization’s information security program.

Getting Started in GRC

For those looking to develop their skills in this growing area of cybersecurity, ISC2 offers three Risk Management Practitioner certificates. Certificates allow for differ from certifications in that they measure competencies – rather than knowledge, skills and abilities – and enable professionals to advance their development in those areas to advance their careers.

ISC2 also has 11 Governance, Risk and Compliance Skill-Builders available. Skill-Builders are short-format learning opportunities, available on-demand and free to professionals who hold an ISC2 certification or Associate of ISC2 status. Featuring a variety of learning styles, from applied scenarios to virtual tours, GRC Skill-Builders cover topics including Supply Chain Risk Management (SCRM), ICS standards, regulations and frameworks, cloud GRC and more.

For more information on the CGRC credential and training, visit


About ISC2

ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our more than 600,000 members, candidates and associates around the globe are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cybersecurity profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. Our charitable foundation, The Center for Cyber Safety and Education, helps create more access to cyber careers and educate those most vulnerable. Learn more and get involved at Connect with us on X, Facebook and LinkedIn.

© 2024 ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CGRC, CSSLP, HCISPP, ISSAP, ISSEP, ISSMP, CC, and CBK are registered marks of ISC2, Inc.

Media Contact:
Amanda Steinman
Senior PR Manager