We know that certifications can be helpful for your security staff as a way to better recognize and mitigate threats, as well as to ensure your organization remains in compliance of industry regulations. But they usually aren’t a requirement, something that your staff absolutely has to have in order to get the job done. Is […]
We know that certifications can be helpful for your security staff as a way to better recognize and mitigate threats, as well as to ensure your organization remains in compliance of industry regulations. But they usually aren’t a requirement, something that your staff absolutely has to have in order to get the job done.
Is that the case if you decide to implement a governance, risk management and compliance (GRC) strategy into your organization? And if you need certification, what type?
Any certification should depend on what the goal of your GRC strategy is, Ignacio Martinez, VP of Risk and Compliance with Smartsheet, told me in an email comment:
One will see a variety of certifications in the GRC world: certifications for the organization and/or its processes, and also certifications of personnel in the GRC program. Ultimately, stick to the GRC goals originally defined and then pursue certifications in specific areas or personnel that support the needs of the GRC program.
The idea behind implementing a GRC is to create a system of checks and balances to decrease the chance of risk. But those who are in charge of GRC also have to keep business operations in mind. There has to be a marriage of sorts between operations and security – ensuring that the organization is meeting expectations of leadership and stakeholders while protecting data, privacy and customer trust.
Having some certifications will assist the person or team designated to put the GRC framework together, especially since those responsible for GRC may come from departments where security or compliance or even governance is part of the job description. According to CIO, here are the top certifications for GRC:
Patrick Taylor, CEO with Oversight Systems, added that certifications can be very helpful, particularly in regulated industries, because they ensure that the people leading those areas have the knowledge and skills to implement and enforce international risk management and compliance standards and requirements. Taylor did add an important caveat in our email conversation, however:
GRC isn’t static; it’s constantly changing, like all aspects of the business. So, the upfront training and continuing education required as part of these certification programs can ensure that these leaders stay up to date with the latest GRC best practices and regulatory requirements.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
