CGEIT — Certified in the Governance of Enterprise IT

The exam contains 150 multiple-choice questions. You’ll have four hours to complete the test and need a minimum passing score of 450 points out of 800. Exams are completed in person at testing centers or kiosk locations. At a testing center, you’ll take a live proctored exam alongside other test takers; kiosks offer a more self-service experience where you work alone at a private workstation.

Read our CGEIT exam details and process article for more information on scheduling and taking the CGEIT exam.

Since the CGEIT is written for those with at least five years of work experience in IT governance, it’s a difficult exam. The questions are designed to make you think like an IT executive. It also has a relatively slim study guide compared to other ISACA certifications.

To pass the test, (like Infosec Alum Rexson Derrao who earned the world's highest CGEIT score), you'll need to earn at least 450 points out of a total of 800.

Practice exams can help you gauge your current “score” and provide valuable insight into which domains you should focus your studies. Pass rates vary depending on an individual’s experience, study habits and test-taking strategies.

For example, Infosec partners with ISACA to offer a CGEIT Boot Camp, which comes with an Exam Pass Guarantee, which means if you don’t pass the exam on your first attempt, you’ll get a second attempt at no cost to you.

The cost of the CGEIT exam will depend on your membership status with ISACA. Members of ISACA pay $575 to take the exam, while non-members pay $760. You can find the most up-to-date pricing for ISACA exams on the ISACA website. You can download ISACA's Exam Candidate Information Guide (English) in multiple languages to get the most up-to-date information about costs and other exam details.

The CGEIT exam is administered by PSI. You can take the exam online with remote proctoring or in-person at a PSI testing center. For more information, see the "Register for the Exam" section on the ISACA CGEIT page.

• Watch this video to learn more about testing in person at a PSI test center.
• Watch this video to learn more about remote testing.

You have a variety of learning resources at your disposal to prepare for the CGEIT exam. We recommend starting out with the ISACA candidate guide (check out the ISACA CGEIT webpage for the most up-to-date version or to download the guide in other languages). The guide covers topics related to exam registration, important deadlines, exam domains and more. The guide is a must-read for every CGEIT test taker.

Several training resources are provided in the free and paid CGEIT training resources sections below.

It's helpful to learn about how others have prepared. Read How Infosec Alum Rexson Serrao earned the world’s highest CGEIT score.

Once you successfully pass the CGEIT exam, your certification will be valid for three years. To maintain your certification, you must complete 120 hours of CGEIT continuing professional education (CPE) over the next three years, with a minimum of 20 hours annually. You’ll also have to pay a yearly maintenance fee of $45 for ISACA members and $85 for non-members. A variety of activities count as CPEs, from attending conferences to completing online training and more — you can view the full list of qualifying activities to choose what’s right for you.

Our How to earn CGEIT CPE credits article is filled with a wealth of helpful information.

The cost to renew the CGEIT is $45/year for ISACA members and $85/year for non-members. The renewal cost drops for every credential after your first two — ISACA members pay $25/year per credential, and non-members pay $50/year.

For more information, read our article, Maintaining your CGEIT certification: Renewal requirements.

CGEIT holders are usually found in roles that center on IT governance in an advisory capacity to upper management or board members. Here’s a list of popular CGEIT jobs:

• Senior IT internal auditor, cybersecurity and compliance
• Lead analyst — IT governance, risk and compliance
• Security risk and compliance specialist
• Information security compliance manager
• Governance risk consultant
• IT risk manager
• IT governance controls specialist

Want to learn more about your job options? Take a look at our  Common CGEIT job titles  and CGEIT overview and career path articles.

Specific job duties vary from role to role, but CGEIT holders are typically upper-level managers who advise other enterprise leaders on how the business should operate in IT governance and compliance.

Depending on your role, you may research and implement a specific governance framework in addition to auditing the existing framework to ensure it gels with the company's strategic goals. You may also have a hand in implementing a risk management framework and creating plans to help the business continue operating in the event of an attack.

For more details on specific tasks, see the CGEIT exam outline, which includes the main job areas covered in the CGEIT certification as well as 38 supporting tasks.

Whether or not earning the CGEIT is worth it depends on your career goals. The certification can give you an edge if your sights are set on a position like CISO or senior IT internal auditor.

The CGEIT is valuable if you want to validate your knowledge of domains related to IT governance, risk optimization and strategic management. In addition to skill validation and job prospects, the CGEIT also boasts the highest average salary of all ISACA certifications.

According to ISACA, the average salary for CGEIT holders is $141,000 annually. Your exact salary will vary based on factors like seniority, employer and location. Here are salary ranges for GCEIT’s common roles (all data was taken from Glassdoor in July 2022).

• Senior IT internal auditor: $88k-$176k
• Lead analyst — IT governance, risk and compliance: $65k-$165k
• Security risk and compliance specialist: 52k-$148k
• Information security compliance manager: $85k-$182k
• Governance risk consultant: $76k-$209k
• IT risk manager: $87k-$180k
• Information governance specialist: $65k-$203k

Read our Average CGEIT salary article for more information.

Over 8,000 professionals worldwide hold the CGEIT. As a vendor-neutral certification with high earning potential, it’s an ideal credential for up-and-coming leaders in the IT enterprise governance space.

ISACA offers Certified Information Security Manager (CISM) to professionals with technical experience in IS/IT security and control. CISM holders occupy roles such as information system security officer, information/privacy risk consultant, information security manager and chief information security officer. As a mid-career certification, applicants must have a minimum of 5 years of related work experience to qualify. The average salary for CISM holders is $129,000 compared to $141,000 for the CGEIT.

For more information on the CISM exam and job opportunities, visit Infosec's CISM hub, read our Best information security management certifications article and  The ultimate guide to ISACA certifications: Overview & career paths.

Certified in Risk and Information Systems Control (CRISC) by ISACA is a mid-career certification geared toward IT audit, risk, and security professionals. CRISC covers the domains of governance, IT risk assessment, risk response and reporting and IT and security. There are more than 30,000 CRISC holders worldwide in CRISC jobs, such as information technology (IT) auditor, information security officer, and director of risk management/risk control. Earning potential for CRISC is reported to be an average of $132,266 for CRISC and $141,000 for CGEIT.

For more information on the CRISC, read  Top 5 highest-paying infosec certifications and  The ultimate guide to ISACA certifications: Overview & career paths.

Certified Information Systems Security Professional (CISSP) is a credential provided by (ISC)2 to mid-career professionals in security and risk management. To qualify for the exam, you need at least five years of professional experience in two of CISSP’s eight domains. CISSP holders are well-suited for a range of management and practitioner roles, including security analyst, security systems engineer, IT manager/director and chief information officer. The certification also provides competitive earning prospects with an average salary of $120,552 in North America.

View our CISSP hub to learn more.

COBIT 5 is a series of certifications by ISACA validating that the holder has the professional skills to implement the COBIT 5 framework for governance and management of enterprise IT. Most recently updated in 2019, COBIT comprises COBIT 5 Assessor, COBIT 5 Foundation, COBIT 5 Implementation and Implementing the NIST Cybersecurity Framework Using COBIT 5.

The average salary for COBIT 5 Foundation certification holders is $114,949. Common job titles for this credential include information systems audit manager, risk management analyst and information technology (IT) consultant.

The ITIL framework by Axelos is a well-recognized model for IT service management and delivery. It performs well across various industries, and its core principles are compatible with those of other common frameworks like COBIT and Six Sigma.

Learners begin the ITIL certification process by earning the ITIL foundation credential before following one of two tracks: ITIL managing professional (MP) or ITIL strategic leader. After completing all modules in their respective track, learners complete the certification scheme by earning the ITIL master.

Due to the credential’s pathway scheme, various career options range from practitioner-level roles in project management to executive-level positions as CIO and CISO. Salary expectations are also quite diverse and can fall anywhere from $72,852 to $188,388.