CISM vs CRISC
Certified Information Security Manager and Certified in Risk and Information Systems Control compared with live job-market data: demand, salary, difficulty, and cost — updated weekly.
The short answer
CISM leads on market demand (6,521 vs 1,707 US job postings) and CISMalso leads on average salary ($140,000). Both carry a 4/5 difficulty rating, so the decision comes down to career direction rather than effort.
Side-by-Side Data
| CISM | CRISC | |
|---|---|---|
| Job Postings | 6,521leads | 1,707 |
| Market Share | 0.11% | 0.03% |
| Demand Trend | Rising | Stable |
| Avg Salary | $140,000leads | $132,000 |
| Difficulty (1-5) | 4 / 5 | 4 / 5 |
| Exam Cost | $575 (Member) / $760 (Non-Member) | $575 (Member) / $760 (Non-Member) |
| Study Time | ~150 hours | 100-150 hours |
Job counts and market share from live US job postings, updated weekly. Want a different matchup? Use theinteractive comparison tool.
CISM
Certified Information Security Manager
ISACA's management-focused security certification. Validates expertise in information security governance, risk management, and incident response. The 4-hour exam features 150 questions. Requires 5 years of verified security management experience.
CRISC
Certified in Risk and Information Systems Control
ISACA's IT risk management certification covering risk identification, assessment, response, and monitoring. The 4-hour exam has 150 scenario-based questions requiring 450/800 to pass. Requires 3 years of risk and control experience.
CISM vs CRISC: FAQ
Which pays more, CISM or CRISC?+
CISM is associated with the higher average salary: about $140,000 vs $132,000 for CRISC, based on current US job market data.
Which is more in demand, CISM or CRISC?+
CISM currently appears in 6,521 US job postings versus 1,707 for CRISC — roughly 3.8× the demand. Data updates weekly from live job listings.
Is CRISC harder than CISM?+
Both are rated 4/5 difficulty on our scale, though exam formats and prerequisites differ — see each certification's page for specifics.
Should I get both CISM and CRISC?+
Many professionals eventually hold both, but sequencing matters. A common path is starting with CISM (4/5 difficulty) and progressing to CRISC. Compare requirements on each certification's detail page before committing.