Period
to 12 April 2021

The following table provides summary statistics for permanent job vacancies with a requirement for CRISC qualifications. Included is a benchmarking guide to the salaries offered over the 6 months to 12 April 2021 with a comparison to the same period in the previous 2 years.

ISACA Certified in Risk and Information Systems Control (CRISC)
UK
6 months to
12 Apr 2021
Same period 2020 Same period 2019
Rank 724 770 783
Rank change year-on-year +46 +13 +136
Permanent jobs citing CRISC 125 236 339
As % of all permanent jobs advertised in the UK 0.15% 0.21% 0.23%
As % of the Qualifications category 0.73% 0.97% 0.92%
Number of salaries quoted 100 182 227
10th Percentile £41,250 £41,375 £44,500
25th Percentile £45,363 £50,000 £52,250
Median annual salary (50th Percentile) £61,250 £60,000 £67,500
Median % change year-on-year +2.08% -11.11% +3.85%
75th Percentile £72,500 £74,688 £91,875
90th Percentile £85,000 £86,250 £102,500
UK excluding London median annual salary £57,500 £60,000 £59,000
% change year-on-year -4.17% +1.69% +1.72%

CRISC is in the Academic Qualifications and Professional Certifications category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for academic qualifications or professional certifications.

All Academic and Professional Certifications
UK
Permanent vacancies requiring academic qualifications or professional certifications 17,125 24,359 36,707
As % of all permanent IT jobs advertised in the UK 20.75% 21.46% 24.65%
Number of salaries quoted 11,631 18,331 26,847
10th Percentile £31,250 £28,000 £26,500
25th Percentile £41,250 £36,250 £35,000
Median annual salary (50th Percentile) £55,000 £50,500 £50,000
Median % change year-on-year +8.91% +1.00% +5.26%
75th Percentile £72,500 £67,500 £66,250
90th Percentile £86,250 £83,750 £81,350
UK excluding London median annual salary £50,000 £47,000 £45,000
% change year-on-year +6.38% +4.44% +2.86%

CRISC
Job Vacancy Trend

Job postings citing CRISC as a proportion of all IT jobs advertised.

Job vacancy trend for CRISC in the UK

CRISC
Salary Trend

3-month moving average salary quoted in jobs citing CRISC.

Salary trend for CRISC in the UK

CRISC
Salary Histogram

Salary distribution for jobs citing CRISC over the 6 months to 12 April 2021.

Salary histogram for CRISC in the UK

CRISC
Top 14 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing CRISC within the UK over the 6 months to 12 April 2021. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +16 109 £62,500 +4.17% 11
UK excluding London +38 79 £57,500 -4.17% 9
South East +58 39 £42,500 -29.17% 2
London +69 36 £72,500 +14.17% 4
Work from Home -112 21 £57,500 -19.30% 2
Midlands +23 15 £70,000 +26.13% 2
West Midlands +18 15 £70,000 +27.27% 1
North of England +35 13 £60,000 +9.09% 1
Yorkshire +11 9 £57,500 +4.55%
South West -9 6 £65,000 +18.18% 2
North West +32 4 £67,500 +22.73% 1
Scotland +10 4 £65,000 -13.33% 1
East of England +54 3 - -
Wales +33 3 £62,500 -10.71% 1

For the 6 months to 12 April 2021, IT jobs citing CRISC also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for CRISC.

1 109 (87.20%) Information Security
2 107 (85.60%) CISSP
3 84 (67.20%) CISM
4 76 (60.80%) ISO/IEC 27001
5 72 (57.60%) Cybersecurity
6 68 (54.40%) Risk Management
7 54 (43.20%) NIST
8 49 (39.20%) CISA
9 39 (31.20%) Finance
9 39 (31.20%) Analytical Skills
10 36 (28.80%) Management Information System
11 25 (20.00%) Degree
12 24 (19.20%) Risk Analysis
12 24 (19.20%) Microsoft
13 23 (18.40%) Business Intelligence
14 21 (16.80%) Risk Assessment
15 20 (16.00%) Validation
16 18 (14.40%) Mobile Device Management
16 18 (14.40%) Security Management
17 17 (13.60%) GRC
18 16 (12.80%) Agile Software Development
18 16 (12.80%) Data Privacy
18 16 (12.80%) Azure
19 15 (12.00%) Security Cleared
19 15 (12.00%) Security Operations
20 14 (11.20%) SANS
20 14 (11.20%) Penetration Testing
21 13 (10.40%) Firewall
21 13 (10.40%) Security Architecture
21 13 (10.40%) ISMS

CRISC
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 5 (4.00%) SharePoint
2 2 (1.60%) Elasticsearch
3 1 (0.80%) Apache
3 1 (0.80%) IIS
Applications
1 5 (4.00%) Microsoft Excel
1 5 (4.00%) MS Visio
Business Applications
1 4 (3.20%) Sentinel
2 1 (0.80%) Distributed Ledger
Cloud Services
1 16 (12.80%) Azure
2 8 (6.40%) AWS
3 6 (4.80%) Microsoft 365
4 4 (3.20%) SaaS
5 3 (2.40%) Cloud Computing
5 3 (2.40%) Mimecast
6 2 (1.60%) Amazon CloudWatch
6 2 (1.60%) Amazon GuardDuty
6 2 (1.60%) Google Workspace
6 2 (1.60%) IaaS
6 2 (1.60%) PaaS
7 1 (0.80%) OpenShift
Communications & Networking
1 13 (10.40%) Firewall
2 12 (9.60%) Network Security
3 10 (8.00%) Intrusion Detection
4 7 (5.60%) SAN
5 4 (3.20%) HTTP
5 4 (3.20%) Unified Communications
6 3 (2.40%) Cisco IPT
6 3 (2.40%) DNS
6 3 (2.40%) TCP/IP
6 3 (2.40%) VPN
7 2 (1.60%) DHCP
7 2 (1.60%) DMZ
7 2 (1.60%) ICMP
7 2 (1.60%) SNMP
8 1 (0.80%) RTP
Database & Business Intelligence
1 1 (0.80%) Blockchain
1 1 (0.80%) GIS
1 1 (0.80%) MySQL
1 1 (0.80%) PostgreSQL
1 1 (0.80%) Redis
Development Applications
1 1 (0.80%) GitLab
General
1 39 (31.20%) Finance
2 12 (9.60%) Banking
3 8 (6.40%) Retail
4 7 (5.60%) Legal
5 6 (4.80%) Public Sector
6 4 (3.20%) Financial Institution
6 4 (3.20%) Law
7 2 (1.60%) Investment Banking
7 2 (1.60%) Retail Banking
8 1 (0.80%) Telecoms
Job Titles
1 35 (28.00%) Analyst
2 26 (20.80%) Risk Analyst
3 21 (16.80%) IT Analyst
4 20 (16.00%) IT Risk Analyst
5 19 (15.20%) Security Officer
6 15 (12.00%) Security Manager
6 15 (12.00%) Security Specialist
7 13 (10.40%) Security Analyst
8 12 (9.60%) Security Engineer
9 11 (8.80%) Information Officer
9 11 (8.80%) Information Security Officer
10 10 (8.00%) Consultant
11 9 (7.20%) Information Security Specialist
11 9 (7.20%) Information Specialist
12 8 (6.40%) Security Consultant
12 8 (6.40%) Security Risk Analyst
13 7 (5.60%) Information Analyst
13 7 (5.60%) Information Manager
13 7 (5.60%) Information Security Analyst
13 7 (5.60%) Information Security Manager
Libraries, Frameworks & Software Standards
1 2 (1.60%) LDAP
1 2 (1.60%) SAML
2 1 (0.80%) LAMP
2 1 (0.80%) LAPP Stack
2 1 (0.80%) Node.js
2 1 (0.80%) Ruby on Rails
Miscellaneous
1 39 (31.20%) Analytical Skills
2 36 (28.80%) Management Information System
3 11 (8.80%) Self-Motivation
4 8 (6.40%) Public Cloud
5 5 (4.00%) Cloud Native
5 5 (4.00%) SCADA
6 4 (3.20%) Data Centre
6 4 (3.20%) Hybrid Cloud
7 3 (2.40%) Analytical Mindset
7 3 (2.40%) Distributed Denial-of-Service
7 3 (2.40%) Life Science
8 2 (1.60%) Cyberthreat
8 2 (1.60%) Enterprise Cloud
8 2 (1.60%) PKI
8 2 (1.60%) Security Operations Centre
9 1 (0.80%) Blog
9 1 (0.80%) Data Protection Act
9 1 (0.80%) Hedge funds
Operating Systems
1 5 (4.00%) Mac OS
1 5 (4.00%) Windows
2 3 (2.40%) Linux
3 1 (0.80%) Unix
Processes & Methodologies
1 109 (87.20%) Information Security
2 72 (57.60%) Cybersecurity
3 68 (54.40%) Risk Management
4 24 (19.20%) Risk Analysis
5 23 (18.40%) Business Intelligence
6 21 (16.80%) Risk Assessment
7 20 (16.00%) Validation
8 18 (14.40%) Mobile Device Management
8 18 (14.40%) Security Management
9 16 (12.80%) Agile Software Development
9 16 (12.80%) Data Privacy
10 15 (12.00%) Security Operations
11 14 (11.20%) Penetration Testing
12 13 (10.40%) Analytics
12 13 (10.40%) Continuous Improvement
12 13 (10.40%) Data Analytics
12 13 (10.40%) ISMS
12 13 (10.40%) Security Architecture
12 13 (10.40%) SIEM
12 13 (10.40%) Vulnerability Management
Programming Languages
1 5 (4.00%) C
1 5 (4.00%) VBA
2 2 (1.60%) Go
2 2 (1.60%) Python
3 1 (0.80%) Bash Shell
3 1 (0.80%) JavaScript
3 1 (0.80%) PHP
3 1 (0.80%) PowerShell
3 1 (0.80%) Ruby
Qualifications
1 107 (85.60%) CISSP
2 84 (67.20%) CISM
3 49 (39.20%) CISA
4 25 (20.00%) Degree
5 15 (12.00%) Security Cleared
6 14 (11.20%) SANS
7 11 (8.80%) ISO 27001 Lead Auditor
8 10 (8.00%) SC Cleared
9 7 (5.60%) CEH
10 6 (4.80%) CESG Certified Professional
10 6 (4.80%) CGEIT
11 5 (4.00%) GIAC
11 5 (4.00%) ISACA
12 4 (3.20%) CompTIA Security+
12 4 (3.20%) GSEC
12 4 (3.20%) ISSAP
12 4 (3.20%) ISSEP
12 4 (3.20%) Microsoft Certification
13 3 (2.40%) ISO 27001 Lead Implementer
13 3 (2.40%) PMP
Quality Assurance & Compliance
1 76 (60.80%) ISO/IEC 27001
2 54 (43.20%) NIST
3 17 (13.60%) GRC
4 12 (9.60%) GDPR
5 9 (7.20%) COBIT
5 9 (7.20%) Cyber Essentials
6 7 (5.60%) PCI DSS
7 6 (4.80%) NCSC
7 6 (4.80%) NIST 800
8 5 (4.00%) COSO
9 4 (3.20%) ISO/IEC 27005
9 4 (3.20%) Sarbanes-Oxley
10 3 (2.40%) HMG Security Policy Framework
10 3 (2.40%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
11 2 (1.60%) SOC 2
12 1 (0.80%) ISO 22301
12 1 (0.80%) ISO 9001
System Software
1 1 (0.80%) Active Directory
1 1 (0.80%) Docker
1 1 (0.80%) VMware Infrastructure
Systems Management
1 5 (4.00%) RSA Archer
2 4 (3.20%) EMC NetWorker
3 3 (2.40%) Nessus
3 3 (2.40%) QRadar
4 2 (1.60%) Jamf Pro
5 1 (0.80%) Ansible
5 1 (0.80%) CASB
5 1 (0.80%) HAProxy
5 1 (0.80%) Kubernetes
5 1 (0.80%) Opscode Chef
5 1 (0.80%) Puppet
Vendors
1 24 (19.20%) Microsoft
2 6 (4.80%) Cisco
3 4 (3.20%) AlienVault
3 4 (3.20%) CheckPoint
3 4 (3.20%) Fortinet
3 4 (3.20%) McAfee
3 4 (3.20%) Palo Alto
3 4 (3.20%) Splunk
3 4 (3.20%) Symantec
4 3 (2.40%) Darktrace
5 1 (0.80%) Sun
5 1 (0.80%) VMware