Certified in Governance, Risk and Compliance (CGRC)

As the true entry point to career excellence, the CGRC starts newcomers on their path to becoming Certified in Governance, Risk and Compliance and to future leadership roles.


Why Certified in Governance, Risk and Compliance?

Certified in Governance, Risk and Compliance (CGRC) cybersecurity professionals have the knowledge and skills to integrate governance, performance management, risk management and regulatory compliance within the organization while helping the organization achieve objectives, address uncertainty and act with integrity. CGRC professionals align IT goals with organizational objectives as they manage cyber risks and achieve regulatory needs. They utilize frameworks to integrate security and privacy with the organization’s overall objectives, allowing stakeholders to make informed decisions regarding data security and privacy risks.

Target Audience

The CGRC is ideal for IT, information security and cybersecurity professionals responsible for governance, risk and compliance within an organization.
Roles include:
  • Authorizing Official
  • Cyber GRC Manager
  • Cybersecurity Auditor
  • Cybersecurity Compliance Officer
  • GRC Architect
  • GRC Information Technology Manager
  • GRC Manager
  • Cybersecurity Risk & Compliance Project Manager
  • Cybersecurity Risk & Controls Analyst
  • Cybersecurity Third Party Risk Manager
  • Enterprise Risk Manager
  • GRC Analyst
  • GRC Director
  • GRC Security Analyst
  • System Security Manager
  • System Security Officer
  • Information Assurance Manager

Required Experience

Candidates must have a minimum of 2 years’ cumulative work experience in 1 or more of the 7 domains of the CGRC Common Body of Knowledge (CBK®). A candidate without the required experience may become an Associate of ISC2 by passing the CGRC examination. The Associate of ISC2 will then have 3 years to earn the 2 years of required experience.

Exam Domains

  • Information Security Risk Management Program
  • Scope of the Information System
  • Selection and Approval of Security and Privacy Controls
  • Implementation of Security and Privacy Controls
  • Assessment/Audit of Security and Privacy Controls
  • Authorization/Approval of Information Systems
  • Continuous Monitoring

Exam Details

Exam Availability: English | Testing Centre: Pearson VUE

Exam Length: 3 hr

Number of Exam Items:

Item Format: Multiple Choice

Passing Score:

Course Fee:

Exam Fee: $890 (AUD)
“This course may be undertaken as a self-paced program, which can be completed at your own pace, in your own time.”

Book a call with one of our skilled consultants to discuss your organisation's specific requirements.


Steps to Certification


Obtain the required experience

See the alternate Associate pathway for those who do not yet meet the experience requirement.


Take and Pass the Exam

Find a local Pearson VUE Test Center and register for the exam at www.pearsonvue.com/isc2


Complete the endorsement process

Get work experience endorsed by an ISC2 member within 9 months from exam date

Agree to the ISC2 Code of Ethics


Maintain membership

Earn and submit a minimum of 30 CPEs each year, for a total of 90 CPEs by the end of the 3-year recertification cycle.

Pay the annual maintenance fee (AMF) of $125, due each year upon the anniversary of the certification date (if a member holds more than one certification, whichever anniversary date comes first). Members only pay a single AMF of $125 regardless of how many certifications they hold.

Benefits of Certified in Governance, Risk and Compliance

For the Individual

Proves understanding of regulations and strategies for data privacy and risk management processes and procedures. Helps professionals stand out and be more competitive worldwide.

Can bolster career advancement and versatility, creating more choice in assignments for many.

Expands knowledge and keeps professionals up-to-date on industry standards, frameworks, regulations, requirements and risks.

Can lead to increases in salary. On average, (ISC)² members report having salaries 35% higher than non-members.

For the Organisation

Helps professionals effectively manage IT and security risks, reduce costs and meet compliance requirements, resulting in the prevention of reputational and financial losses.

Helps promote the consistent use of frameworks, informed decision-making and optimal performance through an integrated view of the organization’s risk management practices.

Promotes continuous collaboration and enhances the ability to respond to risks strategically.

Increases organizational integrity in the eyes of clients and other stakeholders.

Meets certification mandates for service providers and subcontractors.

Ensures professionals remain up-to-date on emerging and changing technologies, as well as security issues related to these technologies, through continuing professional education requirements.

Helps prevent compliance violations and data breaches and ensure compliance with government and industry regulations (DoD 8570.01 approved).