According to ISACA, the Certified in Risk and Information Systems Control (CRISC) certification is the only certification that “prepares and enables IT professionals for the unique challenges of IT and enterprise risk management, and positions them to become strategic partners to the enterprise.”

Because it is the only certification with a business-risk focus, it’s an excellent choice for anyone looking to enter the realm of information system risk management. The CRISC certification is applicable to infosec professionals leading or partnering with any organization, including financial institutions.

According to a study conducted by PayScale, the most important (popularly sought) skill for CRISC holders was security risk management. This was followed closely by security policies and procedures, and then IT security and infrastructure. Internal auditing came next, followed by risk management and control. SOX auditing was listed last.

CRISC-holder salaries range dramatically based on a number of factors, including location, experience level and job role. Let’s take a quick look at some of what you’ll need to know regarding the CRISC salary.

2017 CRISC Median Salary by City

City Salary/Year
Richmond, VA $144,000
Stamford, CT $130,000
Memphis, TN $124,740
San Diego, CA $121,000
Charlotte, NC $109,000
New York City, NY $100,500
Seattle, WA $95,000

Richmond, VA, topped the list of median salaries with $144,000. San Diego, CA, fell into the middle of the range with $121,000, and Seattle, WA, came in last at $95,000.

 2017 CRISC Median Salary by Experience

Years of Experience National Salary Data
1-4 years of experience $88,000
5-9 years of experience $92,087
10-19 years of experience $119,047
20 years or more $149,550

The more years of experience you have, the higher your salary will be. However, experience is only one of the factors that will affect your pay – you’ll also need to account for location and job role.


 2017 CRISC Median Salary by Job Role

Job Role Salary Data
Senior Information Technology Auditor $92,372
Chief Information Security Officer $202,940
Information Security Analyst $99,480
Information Security Manager $122,474
Information Security Officer $95,986

The highest pay goes to those filling the role of chief information security officer, but as you can see from the information above, CRISC holders have good earning potential in almost any position.

The CRISC is the only certification for IT enterprise risk management professionals, and can help you build a rewarding career. If you’re interested in taking the next step, complete the form below.


Average Salary for Certification: Certified in Risk and Information Systems Control, PayScale