ISACA’s Certified Information Security Manager (CISM) and Certified in Risk and Information Systems Control (CRISC) credentials have been named two of the highest-paying IT certifications in the latest Foote Partners’ IT Skills and Certifications Pay Index (ITSCPI).


The recognition shows that employers are investing in professionals with specific IT skill sets that demonstrate the knowledge and expertise to address current and emerging challenges such as cloud computing and big data.

“ISACA’s rigorous certification programs are designed to help IT professionals demonstrate to their employers their abilities to help the enterprise improve trust in, and value from, information systems,” said Allan Boardman, director of ISACA and risk manager at a global investment bank. “As the Foote Partners’ report indicates, professionals who hold the CISM or CRISC certifications are earning especially high premiums for their efforts and are strongly valued for their contributions to the overall enterprise.”

Since its introduction 10 years ago, the CISM credential has become recognized worldwide as a symbol of excellence in information security, and has been earned by nearly 20,000 professionals. The certification affirms to employers that the candidate they are hiring is equipped with strong security management skills and has demonstrated experience in security management.

“The CISM certification helps CISOs and IT security professionals focus on the key domains in order to effectively manage information security in their organization, regardless of its size, industry or geography,” said Marc Vael, chief audit executive at Smals. “Hence, the CISM core tasks and knowledge help security professionals become constructive, value-added players within their organizations—and the designation helps employers easily recognize the value of these professionals.”

CRISC is highly desired because it is the only certification that positions IT professionals for future career growth by linking IT risk management to enterprise risk management. Professionals across a wide range of job functions that include IT, security, audit and compliance have earned the CRISC designation since it was established in April 2010. To date, more than 16,000 professionals have earned the CRISC credential. Of these professionals, more than 1,200 are CIOs, CISOs, and chief compliance, risk and privacy officers.

“The CRISC was a forward-thinking certification when it was first introduced and it is no less so today as anticipating, evaluating, and responding to multiple risk vectors has been stitched into the fabric of every enterprise,” said David Foote, CEO and chief research officer of analyst firm Foote Partners. “It’s a certification that should be part of the foundation of a company’s or government organization’s commitment to understanding risk principles and frameworks.”

The ITSCPI, launched in 1999, tracks market values for individual IT skills and certifications at 2,350 employers in North America, with results and detailed market analyses published every three months. Currently, 540 skills and certifications are monitored and reported.