Throughout my years working in risk and controls, the two constants that helped propel my career have been demonstrating professional knowledge and enabling opportunities. While these may happen naturally in the work environment, they can be empowered through certification and volunteerism.
In my experience, IT professionals come into the field of risk and controls from a variety of backgrounds and educational paths. I worked for a large, publicly traded company when the Sarbanes-Oxley (SOX) Act of 2002 was passed by the US Congress. At the time, I could not imagine my temporary work assignment on implementing a formalized control framework would lead down the path of a career dedicated to risk and controls.
Professional certification has been a critical part of that path. Having professional certifications such as ISACA’s Certified in Risk and Information Systems Control (CRISC) show your commitment and knowledge in the field. Furthermore, it demonstrates that you can go beyond your organization’s walls and adhere to industry-wide best practices and standards. This is especially key in the early stages of your career when you are still developing a portfolio of work projects.
The second critical part of my path has been volunteering. When mentioning volunteerism, many social causes often come to mind: it could be through your religious affiliation, your community or a non-profit charity. But volunteering for professional causes can have a huge impact on your career. Volunteering builds a professional network, enhances the resources available to you, can help mentor students interested in the field and gives back to the communities where you work.
I’ve been fortunate to have those two paths mentioned above intersect in a fulfilling way. One of my recent volunteer experiences was to help with the recent update of the CRISC exam that was released last month. I was part of a group of industry subject matter experts who focused on item development for the new exam outline. I received my CRISC certification the first year the exam was released, so it felt like coming full circle to then work on this project and be a part of aligning the exam content to the changes we were seeing in the workplace and control industry trends. It was a rewarding experience to connect my industry experience back to the CRISC certification.
Not sure where to begin on your career development path? Check if your company offers any Employee Resource Groups (ERGs). Especially for new graduates, these groups can be a great way to kick-start the journey into professional volunteerism. Larger companies may have a mix of ERGs – new hires, veterans, women, or parents in the workplace. Professional organizations like ISACA also offer a huge variety of volunteer opportunities at the organizational level or through a local chapter.
Personally, I’ve served as a board member for my local ISACA chapter, continually volunteer for CRISC exam working groups, serve as a leader in my workplace’s LGBTQ ERG, and maintain my professional certifications. I’ve found my involvement in these activities has enhanced my career and guided my career path in the right direction even more than I envisioned. Going down this path is especially valuable in the field of risk and controls since internal teams may be small and outside guidance can be critical to ensuring success within your organization.