
Certified in Governance, Risk and Compliance (CGRC®)

  • Length 5 days
  • Price NZD 3900 exc GST

Why study this course

Certified in Governance, Risk and Compliance (CGRC) cybersecurity professionals have the knowledge and skills to integrate governance, performance management, risk management and regulatory compliance within the organisation while helping the organisation achieve objectives, address uncertainty and act with integrity.  

CGRC professionals align IT goals with organisational objectives as they manage cyber risks and achieve regulatory needs. They utilise frameworks to integrate security and privacy with the organisation’s overall objectives, allowing stakeholders to make informed decisions regarding data security and privacy risks. 

CGRC is particularly well-suited for IT, information security and cybersecurity practitioners who manage risk in information systems. It is also recommended for any practitioner involved in authorising and maintaining information systems. 

Please note: The exam is not included in the course fee but can be purchased separately. Please contact us for a quote.

Aligns to certification



What you’ll learn

The broad spectrum of topics included in the CGRC Common Body of Knowledge (CBK®) ensures its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following domains:

  • Security and Privacy Governance, Risk Management, and Compliance Program  

  • Scope of the System

  • Selection and Approval of Framework, Security, and Privacy Controls 

  • Implementation of Security and Privacy Controls  

  • Assessment/Audit of Security and Privacy Controls  

  • System Compliance  

  • Compliance Maintenance 


ISC2 Official Training Partner - Preferred

ISC2 at Lumify Work

ISC2: The world’s leading cyber security and IT security professional organisation. Lumify Work is one of only a few select training providers in Australia with campuses in New Zealand and the Philippines. We offer official ISC2 courses and training materials.


Who is the course for?

CGRC is particularly well-suited for IT, information security and cybersecurity practitioners who manage risk in information systems. It is also recommended for any practitioner involved in authorising and maintaining information systems.


Course subjects

This course provides in-depth coverage of the seven domains required to prepare for the CGRC exam. Refer to the CGRC Exam Outline for a deeper dive into the CGRC domains.

Domain 1: Security and Privacy Governance, Risk Management, and Compliance Program 

  • Demonstrate knowledge in security and privacy governance, risk management, and compliance program

  • Demonstrate knowledge in security and privacy governance, risk management and compliance program processes

  • Demonstrate knowledge of compliance frameworks, regulations, privacy, and security requirements

Domain 2: Scope of the System

  • Describe the system

  • Determine security compliance required

Domain 3: Selection and Approval of Framework, Security, and Privacy Controls

  • Identify and document baseline and inherited controls

  • Select and tailor controls

Domain 4: Implementation of Security and Privacy Controls

  • Develop implementation strategy (e.g., resourcing, funding, timeline, effectiveness)

  • Implement selected controls

Domain 5: Assessment/Audit of Security and Privacy Controls

  • Prepare for assessment/audit

  • Conduct assessment/audit

  • Prepare the initial assessment/audit report

  • Review initial assessment/audit report and plan risk response actions

  • Develop final assessment/audit report

  • Develop risk response plan

Domain 6: System Compliance

  • Review and submit security/privacy documents

  • Determine system risk posture

  • Document system compliance

Domain 7: Compliance Maintenance

  • Perform system change management

  • Perform ongoing compliance activities based on requirements

  • Engage in audit activities based on compliance requirements

  • Decommission system when applicable


Prerequisites

To achieve the CGRC certification, candidates must pass the CGRC exam and must have a minimum of two years of cumulative work experience in one or more of the domains of the CGRC CBK.

A candidate who doesn’t have the required experience to become a CGRC may become an Associate of ISC2 by successfully passing the CGRC examination. The Associate of ISC2 will then have three years to earn the two-year required experience. You can learn more about CGRC experience requirements and how to account for part-time work and internships by clicking here.


Terms & Conditions

The supply of this course by Lumify Work is governed by the booking terms and conditions. Please read the terms and conditions carefully before enrolling in this course, as enrolment in the course is conditional on acceptance of these terms and conditions.



Personalise your schedule with Lumify USchedule

Interested in a course that we have not yet scheduled? Get in touch, and ask for your preferred date and time. We can work together to make it happen.


