Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
JJSantos
Newcomer I
‎03-02-2023 04:59 PM
‎03-02-2023 04:59 PM

CGRC-CAP benchmark

Dear comunity

 

How are you? I hope you are fine. I am opening this thread to ask you for a honest opinion, and hopefully obtaining some empiric data, about the now-called CGRC. I would like to enter in the business of GRC and I need some orientation. I saw that ISC2 has this certification at disposal and I would like how it helps to perform in the job and how it is perceived by Senior Officers and HR.

 

Many thanks in advance

 

Juan José

Head of Cyber Intelligence

CISSP, CompTIA Security+, CompTIA Network+, ISO27001 Lead Auditor
Reply
0 Kudos
4 Replies
emb021
Advocate I
‎03-02-2023 05:07 PM
‎03-02-2023 05:07 PM

Keep in mind that it is a renaming of a certification, the CAP, that was really only aimed at US government folks, not corporate.  I've been involved with GRC for some time and had zero interest in the CAP, and never saw it mentioned by anyone in the GRC field.

To be honest, this would be viewed as a new cert in the realm.  So it will take some time to be noticed in the field and be asked for on job descriptions.

Most of the GRC folks are more likely to be members of ISACA and have their CGEIT cert.  Which I happen to have myself.  GRC only overlaps a little with infosec, tho many like myself have to straddle both areas.


---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
Reply
JJSantos
Newcomer I
‎03-02-2023 05:21 PM
‎03-02-2023 05:21 PM

Thanks a lot emb021! Could you, please, tell me how this certification is perceived in comparison to CISM and CGEIT? Many thanks in advance.

Head of Cyber Intelligence

CISSP, CompTIA Security+, CompTIA Network+, ISO27001 Lead Auditor
Reply
0 Kudos
emb021
Advocate I
‎03-02-2023 05:31 PM
‎03-02-2023 05:31 PM

If you mean the CGRC cert, again, keep in mind that many consider it a brand new cert.  The prior CAP was NOT viewed as a 'GRC cert'.  So it will take some time before CGRC has any recognition in the GRC community.  As it comes from ISC2, that will come.  But am thinking it will be a couple of years before we really start seeing it listed on job descriptions.

The CISM is *highly* respected for security managers (most of whom will also have a CISSP), and CGEIT is also highly respected in GRC.  Both require 5 years experience whereas the CGRC only requires 2.

Am thinking of getting it, but its not a high priority for me as I'm focusing on some privacy certs first.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, CDPSE, GSLC, GSTRT, GLEG, GSNA, CIST, CIGE, ISSA Fellow
Reply
JoePete
Advocate I
‎03-03-2023 12:30 PM
‎03-03-2023 12:30 PM

@emb021 wrote:

Keep in mind that it is a renaming of a certification, the CAP, that was really only aimed at US government folks, not corporate. 

I think this is very true. My two cents is that governance, risk, and compliance can mean very different things depending on context, and all of them can be something different from "GRC." I look at the CGRC/CAP as maybe useful to someone transitioning from an information security operational role to a strategic one, who, for one reason or another, hasn't built up other credentials.

Reply