Average CRISC Salary in 2022
ISACA’s Certified in Risk and Information Systems Control (CRISC) certification helps to verify that the certification holder has the in-demand skills of Security Risk Management and has ranked as one of the top-paying IT certifications since its release in 2017. This, of course, begs the question — how much will I make on average if I earn the CRISC certification?
Average CRISC salary
To not “hide the ball” or otherwise make you wade through paragraphs of information that you are not necessarily looking for, let’s jump right into it. The average pay for a CRISC in 2021 is $132,266. This figure is far above the national average salary in the United States, and even above the average for all IT certifications. If you work in Security Risk Management and want to give your salary a healthy boost, you may want to consider earning this certification.
CRISC salaries by city
The good thing about an average is that your salary will not necessarily be at that level; there could be a laundry list of cities where you would get paid more than said average. Below is a list of cities where you would make considerably more than the national average salary for CRISC.
City | Average |
San Mateo, CA | $166,997 |
Berkeley, CA | $161,617 |
Daly City, CA | $161,167 |
Richmond, CA | $156,361 |
Stamford, CT | $152,256 |
Bellevue, WA | $151,869 |
Brooklyn, NY | $149,767 |
San Francisco, CA | $148,959 |
New Haven, CT | $148,440 |
Lakes, AK | $147,972 |
As you can see, the national average salary for CRISC is as much as 25% below what you could get paid in the highest-paid city on the list. At times like this, the old adage of “location, location, location” finds new life.
Average Salary for CRISC by job title
The determinative factor for the average salary of a CRISC cert holder is not always where you work. The job title you hold as a CRISC holder can also affect your average salary. Below is a list of job titles seeking CRISC certification holders and their average salaries.
Job title | Average |
Chief Information Security Officer | $180,853 |
Director, Computing/Networking/Information Technology (IT) Security | $173,976 |
Director, Risk Management/Risk Control | $140,000 |
Information Security Manager | $125,282 |
Information Security Officer | $122,539 |
Information Security Analyst | $92,455 |
Senior Information Technology (IT) Auditor | $90,702 |
The CRISC certification
CRISC is a Security Risk Management certification intended for IT and Information Security professionals. This certification verifies that the holder has the knowledge and skills to mitigate risk and implement and maintain Information System Controls. According to the hosting organization ISACA, CRISC is the only IT Risk certification focusing on Enterprise Risk Management. While it should be noted that there are other Security Risk Management certifications on the market, CRISC has cornered the market on the Enterprise Risk Management end of things. The latest version of the certification exam has expanded to focus on governance, risk response and reporting.
What are the CRISC prerequisites?
The only prerequisite you will have to satisfy to become fully CRISC certified is an experience requirement. The experience requirement for CRISC is three or more years of experience in IT Risk Management and IS control. It should be noted that ISACA does not allow for any experience waivers or substitutions, so this prerequisite should be considered a hard requirement that you will have to live with.
The CRISC certification exam
After obtaining the necessary work experience, you will still have to pass the CRISC certification exam to earn the cert. This exam is in the multiple-choice format, and certification candidates will have four hours (240 minutes) to answer 150 questions.
The cost of registering for the CRISC exam depends upon whether you are an ISACA member or not. For ISACA members, registering for the exam is $575. Non-members will be required to pay $760.
What information is covered on the CRISC certification exam?
The CRISC certification exam covers four Domains of Knowledge. Below is a list of each Domain with the percentage weight of exam content they represent:
- Domain 1 – Governance (26%)
- Domain 2 – IT Risk Assessment (20%)
- Domain 3 – Risk Response and Reporting (32%)
- Domain 4 – Information Technology and Security (22%)
Pursuing the CRISC certification
CRISC would give many a significant salary boost, and this should be considered along with other factors in deciding whether to earn this certification.