Global Information Risk
Management Recruitment

How to train for a governance and compliance role

Filed under: Features — Mark on August 30, 2013

IT security is now becoming such a high priority in companies and organisations that getting the mechanics right is no longer sufficient. In order to instil and maintain confidence in customers, investors and indeed their own staff, businesses need to demonstrate that they are on the right track where security is concerned.

Businesses and organisations tend to achieve this goal through two means: sound IT governance and regulatory/legal compliance with industry standards. They usually employ compliance professionals to help them reach their goals. If you are interested in becoming one of these IT governance and compliance professionals, here is some guidance on a standard career path and associated training/qualifications.

Career path

First and foremost, it can help – but is by no means essential – to have an undergraduate degree in a technical subject such as Computer Science. Alternatively, a postgraduate degree such as an MSc in Knowledge Management could also be of assistance.

In terms of professional experience, some technical work for an organisation, such as IT support, is a good first step on the ladder. Indeed, some technical support jobs require an ITIL qualification, which would, even at this stage in your career, signal you are getting your head around IT governance. ITIL (Information Technology Infrastructure Library) is a set of best practice guidelines for managing IT services. There are plenty of certification opportunities, and they are worth exploring.

From the IT service desk, a future IT compliance professional may make a move into a more specialist area, perhaps related to information security. For instance, they might have a spell as a Systems Administrator, or branch out into something more specialist, like penetration testing.

However, at some stage in their career, the fledgling IT governance professional will develop an interest in the more strategic, managerial side of IT. This could involve becoming, say, a Technical Project Manager or working in operations, or IT product management, possibly IT customer relations. On the security side, it may mean becoming a Security Analyst, or IT Risk Manager.

Recommended certifications

By this stage, acquiring further professional qualifications in IT governance will be all but essential. One highly recommended qualification is the CRISC (Certified in Risk and Information Systems Control) from ISACA, the established international organisation for IT governance professionals. The course covers such subjects as risk identification and analysis, risk response, and putting in place monitoring to ensure all bases are covered.

More specifically, qualifications in the all-important international IT governance standard, ISO 27001, can be obtained and would stand out on any IT compliance CV.

Furthermore, a more general IT security qualification, such as the highly regarded (and exacting) CISSP (Certified Information Systems Security Professional), could also help – indicating a wider general interest in corporate IT security.

Finally, whilst professional qualifications are all but essential in this box-ticking era, human qualities are almost as important in any IT compliance role. In particular, having an eye for detail whilst remaining personable and able to get on with people at all levels of an organisation is crucial.





Acumin © 2006-12