Period
to 30 October 2020

The following table provides summary statistics for permanent job vacancies with a requirement for CRISC qualifications. Included is a benchmarking guide to the salaries offered over the 6 months to 30 October 2020 with a comparison to the same period in the previous 2 years.

ISACA Certified in Risk and Information Systems Control (CRISC)
UK
6 months to
30 Oct 2020
Same period 2019 Same period 2018
Rank 598 824 869
Rank change year-on-year +226 +45 +27
Permanent jobs citing CRISC 93 241 313
As % of all permanent jobs advertised in the UK 0.19% 0.18% 0.19%
As % of the Qualifications category 0.88% 0.77% 0.80%
Number of salaries quoted 87 191 244
Median annual salary £60,000 £65,000 £75,000
Median salary % change year-on-year -7.69% -13.33% +25.00%
10th Percentile £36,750 £41,250 £49,193
90th Percentile £91,750 £103,750 £97,500
UK excluding London median annual salary £55,000 £60,000 £65,000
% change year-on-year -8.33% -7.69% +23.81%

CRISC is in the Academic Qualifications and Professional Certifications category. The following table is for comparison with the above and provides summary statistics for all permanent job vacancies with a requirement for academic qualifications or professional certifications.

All Academic and Professional Certifications
UK
Permanent vacancies requiring academic qualifications or professional certifications 10,583 31,370 39,020
As % of all permanent IT jobs advertised in the UK 21.18% 22.89% 23.72%
Number of salaries quoted 7,944 23,057 28,848
Median annual salary £55,000 £50,000 £50,000
Median salary % change year-on-year +10.00% - +5.26%
10th Percentile £31,250 £27,000 £26,250
90th Percentile £87,500 £82,500 £81,250
UK excluding London median annual salary £50,000 £45,000 £45,000
% change year-on-year +11.11% - +5.88%

CRISC
Job Vacancy Trend

Job postings citing CRISC as a proportion of all IT jobs advertised.

Job vacancy trend for CRISC in the UK

CRISC
Salary Trend

3-month moving average salary quoted in jobs citing CRISC.

Salary trend for CRISC in the UK

CRISC
Salary Histogram

Salary distribution for jobs citing CRISC over the 6 months to 30 October 2020.

Salary histogram for CRISC in the UK

CRISC
Top 14 Job Locations

The table below looks at the demand and provides a guide to the median salaries quoted in IT jobs citing CRISC within the UK over the 6 months to 30 October 2020. The 'Rank Change' column provides an indication of the change in demand within each location based on the same 6 month period last year.

Location Rank Change
on Same Period
Last Year
Matching
Permanent
IT Job Ads
Median Salary
Past 6 Months
Median Salary
% Change
on Same Period
Last Year
Live
Job
Vacancies
England +220 84 £61,250 -5.77% 31
UK excluding London +245 47 £55,000 -8.33% 21
London +215 44 £65,000 -5.45% 10
North of England +145 12 £55,000 +4.31% 8
South East +178 11 £35,000 -44.00% 8
Work from Home - 10 £57,500 - 1
Yorkshire +120 9 £60,000 -30.43% 5
Midlands +87 9 £70,000 +55.56% 1
South West +129 8 £65,000 +18.18% 3
Scotland +92 6 £47,538 -61.97%
East Midlands +76 6 £71,250 -5.00%
North West +112 3 £45,000 -18.18% 2
West Midlands +88 3 £48,500 +7.78% 1
Wales +52 1 £62,500 +66.67%

For the 6 months to 30 October 2020, IT jobs citing CRISC also mentioned the following skills in order of popularity. The figures indicate the absolute number co-occurrences and as a proportion of all permanent job ads with a requirement for CRISC.

1 85 (91.40%) CISSP
2 72 (77.42%) Information Security
3 69 (74.19%) CISM
4 63 (67.74%) CISA
5 60 (64.52%) ISO/IEC 27001
6 56 (60.22%) Risk Management
7 49 (52.69%) Cybersecurity
8 36 (38.71%) Finance
9 30 (32.26%) Management Information System
9 30 (32.26%) Degree
10 27 (29.03%) NIST
11 22 (23.66%) Data Protection
12 21 (22.58%) ISO 27001 Lead Auditor
13 20 (21.51%) Microsoft
14 19 (20.43%) Legal
14 19 (20.43%) Remediation Plan
15 18 (19.35%) Analytical Skills
16 17 (18.28%) Risk Assessment
17 15 (16.13%) AWS
18 14 (15.05%) GDPR
18 14 (15.05%) Penetration Testing
18 14 (15.05%) Firewall
18 14 (15.05%) Windows
19 13 (13.98%) Azure
19 13 (13.98%) SIEM
20 12 (12.90%) PCI DSS
20 12 (12.90%) Law
20 12 (12.90%) Stakeholder Management
21 11 (11.83%) Cisco Certification
21 11 (11.83%) SC Cleared

CRISC
Co-occurring IT Skills by Category

The follow tables expand on the table above by listing co-occurrences grouped by category. The same job type, locality and period is covered with up to 20 co-occurrences shown in each of the following categories:

Application Platforms
1 1 (1.08%) Apache
Applications
1 6 (6.45%) Microsoft Excel
2 3 (3.23%) Microsoft Office
3 1 (1.08%) Microsoft PowerPoint
Cloud Services
1 15 (16.13%) AWS
2 13 (13.98%) Azure
3 3 (3.23%) Mimecast
4 1 (1.08%) GCP
4 1 (1.08%) Office 365
4 1 (1.08%) OpenShift
4 1 (1.08%) SaaS
Communications & Networking
1 14 (15.05%) Firewall
2 7 (7.53%) Intrusion Detection
3 6 (6.45%) Cisco IPT
4 3 (3.23%) DNS
4 3 (3.23%) HTTP
4 3 (3.23%) VPN
5 1 (1.08%) Internet
5 1 (1.08%) Network Security
Database & Business Intelligence
1 1 (1.08%) MySQL
1 1 (1.08%) PostgreSQL
1 1 (1.08%) Redis
Development Applications
1 1 (1.08%) GitLab
General
1 36 (38.71%) Finance
2 19 (20.43%) Legal
3 12 (12.90%) Law
4 10 (10.75%) Banking
5 5 (5.38%) Public Sector
6 2 (2.15%) Financial Institution
Job Titles
1 22 (23.66%) Security Officer
2 19 (20.43%) Analyst
3 16 (17.20%) Information Officer
3 16 (17.20%) Information Security Officer
4 12 (12.90%) Security Analyst
5 10 (10.75%) Risk Analyst
6 9 (9.68%) Consultant
6 9 (9.68%) Risk Officer
6 9 (9.68%) Security Consultant
6 9 (9.68%) Security Manager
7 7 (7.53%) Architect
7 7 (7.53%) Security Architect
7 7 (7.53%) Security Risk Analyst
8 6 (6.45%) Governance Analyst
8 6 (6.45%) Information Analyst
8 6 (6.45%) Information Assurance Consultant
8 6 (6.45%) Information Security Analyst
8 6 (6.45%) Information Security Consultant
8 6 (6.45%) IT Manager
8 6 (6.45%) Risk Consultant
Libraries, Frameworks & Software Standards
1 1 (1.08%) LAMP
1 1 (1.08%) LAPP Stack
1 1 (1.08%) Middleware
1 1 (1.08%) Node.js
1 1 (1.08%) Ruby on Rails
Miscellaneous
1 30 (32.26%) Management Information System
2 18 (19.35%) Analytical Skills
3 7 (7.53%) Public Cloud
4 5 (5.38%) Data Protection Act
5 3 (3.23%) Blog
5 3 (3.23%) Cloud Native
5 3 (3.23%) Self-Motivation
6 2 (2.15%) Cyberthreat
7 1 (1.08%) Distributed Denial-of-Service
7 1 (1.08%) Driving Licence
7 1 (1.08%) Greenfield Project
7 1 (1.08%) Video Conferencing
Operating Systems
1 14 (15.05%) Windows
2 5 (5.38%) Linux
3 4 (4.30%) Mac OS
4 3 (3.23%) Mac OS X
4 3 (3.23%) Ubuntu
4 3 (3.23%) Windows Server
5 1 (1.08%) AIX
5 1 (1.08%) Unix
Processes & Methodologies
1 72 (77.42%) Information Security
2 56 (60.22%) Risk Management
3 49 (52.69%) Cybersecurity
4 22 (23.66%) Data Protection
5 19 (20.43%) Remediation Plan
6 17 (18.28%) Risk Assessment
7 14 (15.05%) Penetration Testing
8 13 (13.98%) SIEM
9 12 (12.90%) Stakeholder Management
10 10 (10.75%) Data Security
10 10 (10.75%) Threat Intelligence
11 9 (9.68%) Computer Science
11 9 (9.68%) Data Privacy
11 9 (9.68%) IT Audit
12 8 (8.60%) Agile Software Development
12 8 (8.60%) Problem-Solving
13 7 (7.53%) Security Management
13 7 (7.53%) Security Operations
13 7 (7.53%) Vulnerability Management
14 6 (6.45%) Analytics
Programming Languages
1 8 (8.60%) PowerShell
2 7 (7.53%) Python
3 4 (4.30%) Bash Shell
3 4 (4.30%) Go
3 4 (4.30%) SQL
4 3 (3.23%) C
4 3 (3.23%) R
5 1 (1.08%) Java
5 1 (1.08%) JavaScript
5 1 (1.08%) PHP
5 1 (1.08%) Ruby
Qualifications
1 85 (91.40%) CISSP
2 69 (74.19%) CISM
3 63 (67.74%) CISA
4 30 (32.26%) Degree
5 21 (22.58%) ISO 27001 Lead Auditor
6 11 (11.83%) (ISC)2 CCSP
6 11 (11.83%) CESG Certified Professional
6 11 (11.83%) Cisco Certification
6 11 (11.83%) SC Cleared
6 11 (11.83%) Security Cleared
7 7 (7.53%) GIAC
8 6 (6.45%) CompTIA Security+
9 5 (5.38%) CGEIT
9 5 (5.38%) DV Cleared
9 5 (5.38%) SANS
10 4 (4.30%) Computer Science Degree
10 4 (4.30%) GCIH
10 4 (4.30%) GSEC
10 4 (4.30%) Master's Degree
11 3 (3.23%) GCFE
Quality Assurance & Compliance
1 60 (64.52%) ISO/IEC 27001
2 27 (29.03%) NIST
3 14 (15.05%) GDPR
4 12 (12.90%) PCI DSS
5 10 (10.75%) Cyber Essentials
6 9 (9.68%) ISO/IEC 27002 (supersedes ISO/IEC 17799)
7 8 (8.60%) COBIT
7 8 (8.60%) NCSC
8 6 (6.45%) ISO/IEC 27005
9 5 (5.38%) HMG Security Policy Framework
10 4 (4.30%) Sarbanes-Oxley
11 2 (2.15%) ISO 22301
11 2 (2.15%) JSP 440
11 2 (2.15%) RMADS
11 2 (2.15%) SLA
12 1 (1.08%) ISO 9001
12 1 (1.08%) NIST 800
System Software
1 4 (4.30%) Active Directory
2 1 (1.08%) Docker
2 1 (1.08%) VMware Infrastructure
Systems Management
1 3 (3.23%) QRadar
2 1 (1.08%) Ansible
2 1 (1.08%) CASB
2 1 (1.08%) HAProxy
2 1 (1.08%) Kubernetes
2 1 (1.08%) Nessus
2 1 (1.08%) Opscode Chef
2 1 (1.08%) Puppet
2 1 (1.08%) SCCM
Vendors
1 20 (21.51%) Microsoft
2 3 (3.23%) Darktrace
2 3 (3.23%) Red Hat
3 1 (1.08%) Cisco
3 1 (1.08%) Fortinet
3 1 (1.08%) Splunk
3 1 (1.08%) Tripwire
3 1 (1.08%) VMware