GRC professionals' salaries increase as demand for their skills rises

In recent years, expanding regulatory compliance rules and seemingly endless IT security risks stemming from multiple data sources make an effective GRC program vital to the modern organization's success.

Risk strategies are different now when we don't have data in our own facility and we don't know who is dealing with it for us. Ram Karumuri

As a result, governance, risk management and compliance (GRC) professionals have seen their roles dramatically increase in importance in the past several years. Salaries are now starting to catch up with this increased onus on GRC, according to the TechTarget IT Salary Survey 2013. From a sample size of 242 respondents who specialize in GRC and IT security, 59% received a raise and 35% received a bonus in 2013. Fifty-seven percent of respondents expect a raise in 2014 as well.
As factors such as mobility and the cloud create new data security risks, GRC professionals should continue to expect their skill sets to be highly sought after, said Derek Gascon, executive director of the Compliance, Governance & Oversight Council.
"Their skills are going to be unique, at least for a while," Gascon said. "All of the data that is being distributed through those mechanisms has to be managed somehow, and the governance people understand what kinds of policies are going to be necessary."

The number of opportunities in the GRC field appears to be growing as well: Although the majority of respondents had been in the IT field for 11 to 20 years (44%) or 21 to 30 years (21%), 56% said they had only been in their current position for one year to five years.
For those in their position less than one year, 19% said they sought the new job for more money. This trend could very well continue as opportunities for those in the GRC field grow in the coming years, said Ram Karumuri, a senior manager of IT audits for a banking organization.
"The days of ignoring compliance and audits are gone," Karumuri said. "In our organization, we plan to dedicate a few more people to audits because the environment for it is increasing."
New and emerging risk factors, including those stemming from mobile technology and cloud use, will only intensify the spotlight on data-related GRC processes, Karumuri added.
"Previously, we had everything in our data center," he said. "Governance of this and risk strategies are different now when we don't have data in our own facility and we don't know who is dealing with it for us."

In recent years, expanding regulatory compliance rules and seemingly endless IT security risks stemming from multiple data sources make an effective GRC program vital to the modern organization's success.

As a result, governance, risk management and compliance (GRC) professionals have seen their roles dramatically increase in importance in the past several years. Salaries are now starting to catch up with this increased onus on GRC, according to the TechTarget IT Salary Survey 2013. From a sample size of 242 respondents who specialize in GRC and IT security, 59% received a raise and 35% received a bonus in 2013. Fifty-seven percent of respondents expect a raise in 2014 as well.
As factors such as mobility and the cloud create new data security risks, GRC professionals should continue to expect their skill sets to be highly sought after, said Derek Gascon, executive director of the Compliance, Governance & Oversight Council.
"Their skills are going to be unique, at least for a while," Gascon said. "All of the data that is being distributed through those mechanisms has to be managed somehow, and the governance people understand what kinds of policies are going to be necessary."

 

The number of opportunities in the GRC field appears to be growing as well: Although the majority of respondents had been in the IT field for 11 to 20 years (44%) or 21 to 30 years (21%), 56% said they had only been in their current position for one year to five years.
For those in their position less than one year, 19% said they sought the new job for more money. This trend could very well continue as opportunities for those in the GRC field grow in the coming years, said Ram Karumuri, a senior manager of IT audits for a banking organization.
"The days of ignoring compliance and audits are gone," Karumuri said. "In our organization, we plan to dedicate a few more people to audits because the environment for it is increasing."
New and emerging risk factors, including those stemming from mobile technology and cloud use, will only intensify the spotlight on data-related GRC processes, Karumuri added.
"Previously, we had everything in our data center," he said. "Governance of this and risk strategies are different now when we don't have data in our own facility and we don't know who is dealing with it for us."