1. Governance, Risk, and Compliance (GRC)
You will learn the fundamentals of governance, risk, and compliance programs in the areas of information security and data protection: regulatory requirements, risk management, security policies, and the organizational management of security and compliance initiatives.
2. Scope and Delimitation of the System
You will learn how to define and delineate systems and their scope of security: identifying critical assets, business processes, and data flows, as well as how to integrate security and data protection requirements within the organizational context.
3. Selection and Approval of Frameworks and Security and Data Protection Controls
You will learn how to select and implement security and data protection controls based on established frameworks and standards: evaluating appropriate measures to minimize risk and aligning them with regulatory and business requirements.
4. Implementation of Security and Data Protection Controls
You will learn how to implement technical and organizational security and data protection measures: implementing controls within processes, systems, and architectures to ensure protection, resilience, and compliance.
5. Assessment and Auditing of Security and Data Protection Controls
You will learn how to evaluate and audit security and data protection controls: conducting assessments, audits, and effectiveness reviews to identify vulnerabilities, compliance gaps, and opportunities for improvement.
6. System Compliance
You will learn how to ensure system compliance with internal policies as well as external regulatory and legal requirements: monitoring, maintaining records, and reporting on compliance status and security measures.
7. Ensuring Compliance
You will learn how to maintain compliance and security standards on an ongoing basis: continuously reviewing, adapting, and improving controls, processes, and governance structures in light of new risks, threats, and regulatory changes.
Consists of the following modules:
ISC2 Governance, Risk, and Compliance (CGRC)
Exam Voucher for CGRC (CGRCP)
Requirements:
To obtain CGRC certification, you must have a valid ISC2 membership and at least two years of cumulative full-time professional experience in one or more areas covered by the current CGRC exam syllabus.
Alternatively, you must have at least two years of cumulative full-time work experience in one or more areas covered by the current CGRC exam syllabus. A bachelor’s or master’s degree in computer science, information technology, or a related field, or an ISC2-recognized certification, may substitute for up to one year of the required work experience. Part-time employment and internships may also be counted toward this requirement.
You understand the fundamentals of Governance, Risk, and Compliance (GRC) as well as how to integrate security, risk, and compliance requirements into business processes.
You are familiar with national and international security and data protection frameworks such as NIST, ISO/IEC, COBIT, PCI-DSS, FedRAMP, and GDPR, as well as their application in a compliance context.
You define and delineate systems, information assets, and security requirements, taking into account risk and data protection requirements.
You will independently select, evaluate, and adapt security and data protection controls based on established frameworks and regulatory requirements.
You are familiar with the implementation of technical and organizational security measures within IT and compliance architectures.
You apply methods for auditing, evaluating the effectiveness of, and testing security and data protection controls.
You understand how to manage risks, vulnerabilities, and deviations, as well as how to define appropriate risk response strategies.
You are familiar with the creation, maintenance, and record-keeping of compliance documentation and audit reports.
You implement processes for ongoing compliance, change management, monitoring, and security maintenance throughout the entire system lifecycle.
You understand the importance of security governance, continuous monitoring, and resilience-focused compliance strategies in a corporate context.
The training is led by an instructor who provides live guidance to participants. Theory and practice are taught through live demonstrations and hands-on exercises. The course uses the video conferencing software Zoom.
Exam format
Applying for Certification
Once you have passed the CGRC exam, you can apply for the official ISC² CGRC certification. To do so, you must accept the ISC² Code of Ethics and have your relevant professional experience validated as part of the endorsement process. Validation is typically performed by an actively certified ISC2 professional. If you are unable to find a suitable person, ISC2 can validate your application. The certification process must be completed within nine months of passing the exam.
Recertification
The CGRC certification is valid for three years. To maintain your certification status, you must earn Continuing Professional Education (CPE) credits during this period and pay the Annual Maintenance Fee (AMF) to ISC2. This ensures that your knowledge remains up to date and that you retain your certified status.
CGRC certification is ideal for you if you want to do more than just implement security, risk, and compliance requirements on an operational level; you also want to strategically manage governance, cyber risks, and regulatory requirements. It is particularly relevant for:
Governance, Risk, and Compliance (GRC) professionals who wish to systematically establish or further develop security and compliance programs
IT security officers and security managers who need to align regulatory requirements with technical security measures
Risk managers and internal auditors who assess cyber risks, conduct audits, and monitor compliance requirements
IT and security consultants who advise customers on governance, risk, and compliance issues and help them prepare for audits or certifications
Compliance officers and data protection officers who need to integrate and demonstrate compliance with security, data protection, and regulatory requirements
IT managers, system administrators, and project managers who are responsible for ensuring that systems are operated securely and in compliance with regulations
Professionals in regulated industries such as financial services, healthcare, public administration, or critical infrastructure who are required to implement security and compliance requirements
CISSP®, CISM®, CISA®, or ISO 27001-certified professionals who wish to specifically expand their skill set to include governance, risk, and compliance competencies
The training is conducted in collaboration with an authorized training partner. This partner collects and processes data under its own responsibility. Please review the relevant privacy policy.
