Salary Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Salary Survey. These posts contain previously unpublished Salary Survey data.
It's relatively rare in the IT certification industry for a certification to be renamed. The name of your IT certification tends to be a defining element of its brand. And in an arena that is dominated by acronyms, a new identity can completely obscure your cert's prior iteration. On the other hand, sometimes the new identity already has its own lease on life.
Such is the case with new/old CGRC credential offered by cybersecurity professional association ISC2. Certified in Governance, Risk and Compliance (CGRC), No. 34 on our most recent Salary Survey 75 list, rose from the ashes of the old Certified Authorization Professional (CAP) credential earlier this year in February. "CAP" doesn't ring any particular bells, but the growing importance of "GRC" across the IT spectrum makes it much easier to identify the skill set validated by the newly renamed credential.
Here's what the salary picture looks like for CGRC holders who responded to the Salary Survey:
All U.S. Respondents
Average Annual Salary: $118,980
Median Annual Salary: $116,310
How satisfied are you with your current salary?
Completely Satisfied: 23 percent
Very Satisfied: 22.3 percent
Satisfied: 35.4 percent
Not Very Satisfied: 16.8 percent
Not At All Satisfied: 2.5 percent
All Non-U.S. Respondents
Average Annual Salary: $86,390
Median Annual Salary: $92,500
How satisfied are you with your current salary?
Completely Satisfied: 14.3 percent
Very Satisfied: 39.3 percent
Satisfied: 25 percent
Not Very Satisfied: 10.7 percent
Not At All Satisfied: 10.7 percent
ISC2's widely respected certification program has a global footprint, which is reflected here. U.S. residents account for roughly 71 percent of the overall pool of CGRC holders who participated in the survey, but we also heard from individuals in 34 other countries: Afghanistan, Albania, Algeria, Andorra, Angola, Antigua and Barbuda, Argentina, Armenia, Aruba, Australia, Azerbaijan, Bahamas, Bhutan, Chile, Egypt, Ethiopia, Germany, Haiti, Hungary, Indonesia, Ireland, Italy, Jamaica, Japan, Micronesia, Morocco, New Zealand, Nigeria, Pakistan, Trinidad and Tobago, Tunisia, Tuvalu, United Arab Emirates, and Venezuela.
The information security sector of the wider IT universe is largely dominated by male professionals, but a kind of jaw-dropping 26.1 percent of CGRC holders who responded to the survey are women, compared to just 59.1 percent who are men. (A notable 9.4 percent chose not to identify their gender, while 1.8 percent are transgender female, 1.4 percent are transgender male, and 2.2 percent are gender variant/nonconforming.) The survey pool of CGRC holders is surprisingly youthful, with more than half of those surveyed younger than 45, either between the ages of 35 and 44 (32.3 percent), between the ages of 25 and 34 (19 percent), between the ages of 19 and 24 (3.2 percent), or 18 or younger (0.5 percent). Most of the CGRC "senior citizens" are youngish as well, with a further 27.5 percent of respondents between the ages of 45 and 54, compared to just 14.3 percent between the ages of 55 and 64, and 3.2 percent between the ages of 65 and 74.
Roughly 90 percent of CGRC holders who responded to the survey have an educational background that includes time spent at a college or university. The highest level of formal education completed by most CGRC holders is either a bachelor's degree (32.3 percent of respondents), master's degree (41.4 percent), associate's degree (6.3 percent), doctorate (5.3 percent), or professional degree (4.2 percent). The outliers are the 4.2 percent of those surveyed who completed some level of technical training after high school, the 4.2 percent who concluded their educational pursuits with a high school diploma, the 0.5 percent who are currently in school, and the 1.6 percent who entered the workforce without any formal education.
A relatively low 68.5 percent of CGRC holders who responded to the survey are employed full-time, with the rest either employed part-time (12.7 percent), currently in school (1.8 percent), on sabbatical (8.3 percent), or out of work (8.7 percent). Among those who have full-time jobs, most have either a standard 40-hour work week (37.1 percent of respondents) or put in between 41 and 50 hours per week (29 percent). The remaining roughly one-third of respondents are split among those who work more than 50 hours per week (8.1 percent), those who put in between 31 and 39 hours per week (14 percent), those who are on the clock for between 20 and 30 hours per week (9.1 percent), or those whose full-time work schedule consists of fewer than 20 hours per week (2.7 percent).
A sizeable chunk of CGRC holders do their jobs remotely: About 22 percent of respondents are spending their entire work week at home, putting in either 40 hours per week from home (9.6 percent), or more than 40 hours per week from home (12.3 percent). In the middle are the 4.3 percent of credential holders who work from home between 31 and 39 hours per week, and the 9.6 percent who work from home between 21 and 30 hours per week. The balance of those surveyed are more tied to traditional workplaces, either working from home between 10 and 20 hours per week (27.3 percent of those surveyed) or working from home fewer than 10 hours per week (36.9 percent).
In terms of workplace standing, the largest single group of CGRC holders we heard from are at the senior specialist level (23.6 percent). The rest, in descending order, are either senior managers (19.9 percent of those surveyed), managers (18.5 percent), executives (13.8 percent), directors (10.9 percent), specialists (7.6 percent), or rank-and-file employees (5.7 percent).
The largest single group of CGRC holders who responded to the survey, 29.7 percent, are relative IT novices, having worked in a role that directly utilizes one or more of their certified skills for between 3 and 5 years. The rest have been plying their certified skills for either between zero years (1 to 11 months) and 2 years (19.9 percent of those surveyed), between 6 and 8 years (19.6 percent), between 9 and 10 years (10.5 percent), or for more than a decade (20.3 percent).
Finally, here's the view of CGRC holders on key questions from the survey about how certification impacts job performance:
At my current job I use skills learned or enhanced through certification:
Several times a day: 34.4 percent
Several times a week: 34.8 percent
Several times a month: 18.5 percent
Occasionally: 8.7 percent
Rarely: 3.6 percent
Since becoming certified, I feel there is greater demand for my skills.
Strongly agree: 44.6 percent
Agree: 32.6 percent
Neither Agree nor Disagree: 11.6 percent
Disagree: 6.5 percent
Strongly Disagree: 4.7 percent
Becoming certified has increased my problem-solving skills.
Strongly agree: 34.1 percent
Agree: 32.6 percent
Neither Agree nor Disagree: 20.3 percent
Disagree: 9.4 percent
Strongly Disagree: 3.6 percent
Becoming certified has increased my workplace productivity.
Strongly agree: 29 percent
Agree: 34.8 percent
Neither Agree nor Disagree: 21 percent
Disagree: 12 percent
Strongly Disagree: 3.2 percent
PAST ISC2 CGRC DEEP FOCUS FEATURES