What are the CGEIT domains?
The CGEIT exam covers four job practice areas, also known as knowledge areas or domains.
Learn more about the CGEIT domains.
How do I get the CGEIT?
The CGEIT is designed for mid-career professionals and requires a minimum of five years of experience in a role related to advising or overseeing an enterprise’s IT governance program. “This is designed for highly experienced strategic IT professionals who are in the role of advisors to upper management and the board,” explains ISACA's Chris DeMale. “We see this as the most C-level of the [ISACA] certifications. We see that it’s also for senior IT auditors, senior lead analysts, security risk and compliance specialists, information security compliance managers, and governance risk consultants.”
The CGEIT certification requirements include five or more years of IT governance experience.
Is CGEIT the right ISACA certification for me?
Determining whether or not the CGEIT is the best certification for you depends on your career goals. CGEIT is ideal for roles focused on “establishing and managing a framework of governance of IT as well as serving in an advisory role or oversight role,” explains Chris DeMale of ISACA. He also reiterates, "CGEIT is a terrific solution for the governance component where you are determining the rules by which the organization needs to operate.” This focus is reflected in CGEIT’s updated domains, which feature governance and management of IT and strategic management.
The CGEIT also overlaps with another ISACA certification in IT governance, COBIT 5. “Governance and COBIT go hand in hand,” says DeMale. “If you are an expert in COBIT and you want to demonstrate your expertise in governance, those two go hand in hand, and we recommend reaching out to Infosec for either one of those options.”
CGEIT exam FAQs
The most recent version of the CGEIT exam tests your knowledge of IT governance and enterprise risk optimization. The latest version, which came out in July 2020 (see the detailed CGEIT exam objectives), features updated domains that are more relevant to today’s IT environment. Here’s what you should know about the current CGEIT exam:
How many questions are on the CGEIT exam? How long is the CGEIT exam?
The exam contains 150 multiple-choice questions. You’ll have four hours to complete the test and need a minimum passing score of 450 points out of 800. Exams are delivered by PSI either in person at a testing center or kiosk location, or online with remote proctoring. At a testing center, you’ll take a live proctored exam alongside other test takers; kiosks offer a more self-service experience where you work alone at a private workstation.
Read our CGEIT exam details and process article for more information on scheduling and taking the CGEIT exam.
How hard is the CGEIT exam?
Since the CGEIT is written for those with at least five years of work experience in IT governance, it’s a difficult exam. The questions are designed to make you think like an IT executive. There is also relatively little official study material compared to other ISACA certifications.
To pass the test, you’ll need to earn at least 450 points out of a total of 800 (Infosec alum Rexson Serrao earned the world's highest CGEIT score).
Practice exams can help you gauge your current “score” and show you which domains to focus your studies on. Pass rates vary depending on an individual’s experience, study habits and test-taking strategies.
Infosec partners with ISACA to offer a CGEIT Boot Camp that comes with an Exam Pass Guarantee: if you don’t pass the exam on your first attempt, you’ll get a second attempt at no cost to you.
How much does the CGEIT exam cost?
The cost of the CGEIT exam depends on your membership status with ISACA. Members of ISACA pay $575 to take the exam, while non-members pay $760. You can find the most up-to-date pricing for ISACA exams on the ISACA website. You can also download ISACA's Exam Candidate Information Guide (available in English and other languages) for the most up-to-date information about costs and other exam details.
Where do I take the CGEIT exam?
The CGEIT exam is administered by PSI. You can take the exam online with remote proctoring or in-person at a PSI testing center. For more information, see the "Register for the Exam" section on the ISACA CGEIT page.
- Watch this video to learn more about testing in person at a PSI test center.
- Watch this video to learn more about remote testing.
How do I prepare for the CGEIT exam?
You have a variety of learning resources at your disposal to prepare for the CGEIT exam. We recommend starting out with the ISACA candidate guide (check out the ISACA CGEIT webpage for the most up-to-date version or to download the guide in other languages). The guide covers topics related to exam registration, important deadlines, exam domains and more. The guide is a must-read for every CGEIT test taker.
Several training resources are provided in the free and paid CGEIT training resources sections below.
It's helpful to learn about how others have prepared. Read How Infosec Alum Rexson Serrao earned the world’s highest CGEIT score.
How long is my CGEIT certification active? How do I earn CPEs?
Once you successfully pass the CGEIT exam, your certification will be valid for three years. To maintain your certification, you must complete 120 hours of CGEIT continuing professional education (CPE) over the next three years, with a minimum of 20 hours annually. You’ll also have to pay a yearly maintenance fee of $45 for ISACA members and $85 for non-members. A variety of activities count as CPEs, from attending conferences to completing online training and more — you can view the full list of qualifying activities to choose what’s right for you.
Our How to earn CGEIT CPE credits article is filled with a wealth of helpful information.
How much does it cost to renew my CGEIT?
The cost to renew the CGEIT is $45/year for ISACA members and $85/year for non-members. The renewal cost drops for every credential after your first two — ISACA members pay $25/year per credential, and non-members pay $50/year.
For more information, read our article, Maintaining your CGEIT certification: Renewal requirements.
Free and self-study CGEIT materials
Budget-savvy test-takers will be pleased to learn that there are plenty of free CGEIT training resources to help you prepare for the CGEIT. ISACA itself sells official study materials on its website, including a review manual and a database of practice questions. Be sure to check your local library if you’re training on a budget.
Books and study guides are excellent resources for preparing for the CGEIT exam. You may be able to find copies at your local library or bookstore, but there are plenty of online vendors to choose from as well, including the official ISACA store and Amazon. The two most popular official books are:
- CGEIT Review Manual, 8th Edition
- CGEIT Review Questions, Answers & Explanations, 5th Edition
Keep in mind that each resource comes in print and digital editions, so you can select the one that best meets your study preferences.
You can also download your free ISACA Career Kit for more information from ISACA on their certifications.
CGEIT practice exams and simulations
Practice exams are an excellent study resource for the real exam. Taking a CGEIT practice exam will give you an in-depth preview of the exam-taking experience, from pacing and timing to the types of questions asked. Your results will allow you to benchmark your skills and help you identify domains that require further study. Both official and unofficial practice exams are available.
- ISACA CGEIT practice exam
- CGEIT Review Questions, Answers & Explanations, 5th Edition (published by ISACA)
- Several services, such as Boson, Pocket Prep and CertLibrary, also provide paid CGEIT practice exams
Infosec partners with ISACA to provide live online CGEIT Boot Camps that include unlimited practice exam attempts and a 12-month subscription to the ISACA QAE Database. Read How Infosec Alum Rexson Serrao earned the world’s highest CGEIT score after taking the CGEIT Boot Camp.
Other free CGEIT training resources
There are a number of other free CGEIT training materials being produced and shared by the community:
- Forums like TechExams and Reddit allow you to connect directly with others who are studying for or have already taken CGEIT.
- Podcasts may not help you directly study for your CGEIT exam, but those like the Cyber Work Podcast are a great way to learn about cybersecurity career options and your peers' career journeys.
- Video platforms are another great place to connect with cybersecurity practitioners and learn about the CGEIT exam. Many people have created free CGEIT videos on YouTube, TikTok, Twitch and other platforms, including our webcast on ISACA career paths.
CGEIT jobs and careers
Earning the CGEIT can open the path to executive positions in IT governance at large organizations. Once certified, you’ll be well positioned for high-paying roles such as CIO/CISO, IT director and audit director.
What are common CGEIT jobs?
CGEIT holders are usually found in roles that center on IT governance in an advisory capacity to upper management or board members. Here’s a list of popular CGEIT jobs:
- Senior IT internal auditor, cybersecurity and compliance
- Lead analyst — IT governance, risk and compliance
- Security risk and compliance specialist
- Information security compliance manager
- Governance risk consultant
- IT risk manager
- IT governance controls specialist
Want to learn more about your job options? Take a look at our Common CGEIT job titles and CGEIT overview and career path articles.
What does a CGEIT certification holder do?
Specific job duties vary from role to role, but CGEIT holders are typically upper-level managers who advise other enterprise leaders on how the business should operate in IT governance and compliance.
Depending on your role, you may research and implement a specific governance framework in addition to auditing the existing framework to ensure it aligns with the company's strategic goals. You may also have a hand in implementing a risk management framework and creating business continuity plans so the business can keep operating in the event of an attack.
For more details on specific tasks, see the CGEIT exam outline, which includes the main job areas covered in the CGEIT certification as well as 38 supporting tasks.
Is CGEIT worth it?
Whether or not earning the CGEIT is worth it depends on your career goals. The certification can give you an edge if your sights are set on a position like CISO or senior IT internal auditor.
The CGEIT is valuable if you want to validate your knowledge of domains related to IT governance, risk optimization and strategic management. In addition to skill validation and job prospects, the CGEIT also carries one of the highest average salaries among ISACA certifications.
What is the CGEIT average salary?
According to our guide, the average CGEIT salary is $156,844. Here's where that sits alongside other popular certifications in the guide:
- CISA: $102,827
- CISM: $156,420
- CRISC: $160,083
- CISSP: $151,860
- CCSP: $128,811
Get our salary guide to learn more.
How many people have CGEIT?
Over 8,000 professionals worldwide hold the CGEIT. As a vendor-neutral certification with high earning potential, it’s an ideal credential for up-and-coming leaders in the IT enterprise governance space.
Where can I find CGEIT jobs?
The CGEIT is a highly respected C-suite level certification. It's often listed in cybersecurity senior management job openings as a way to validate your knowledge and skills. To find CGEIT or cybersecurity management openings on general job boards like Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder, search for the keywords “CGEIT," "ISACA" or "security manager."
Security-focused job boards such as ClearedJobs and infosec-jobs.com are also good sources of roles for CGEIT holders. Other good sources of security job postings are cybersecurity groups such as ISACA, ISSA, BSides, OWASP and Women in Cybersecurity, as well as cybersecurity websites.
Before your interview, check out our free ebook of cybersecurity interview tips, “How to stand out, get hired and advance your career.”
Paid CGEIT training and exam prep
When it comes to preparing for the CGEIT exam, you can choose to train yourself with books and free resources, or you can find a paid course. Most CGEIT courses fall into two categories: live online CGEIT boot camps or on-demand CGEIT courses where you go at your own pace.
CGEIT comparisons and alternatives
The CGEIT is one of several advanced cybersecurity certifications that you can choose from. Here’s how it stacks up against the others.
CGEIT vs. CISM
ISACA offers Certified Information Security Manager (CISM) to professionals with technical experience in IS/IT security and control. CISM holders occupy roles such as information system security officer, information/privacy risk consultant, information security manager and chief information security officer. Because CISM is a mid-career certification, applicants must have a minimum of five years of related work experience to qualify. The average salary for CISM holders is $156,420 compared to $156,844 for the CGEIT.
For more information on the CISM exam and job opportunities, visit Infosec's CISM hub, read our Best information security management certifications article and The ultimate guide to ISACA certifications: Overview & career paths.
CGEIT vs. CRISC
Certified in Risk and Information Systems Control (CRISC) by ISACA is a mid-career certification geared toward IT audit, risk, and security professionals. CRISC covers the domains of governance, IT risk assessment, risk response and reporting, and information technology and security. More than 30,000 professionals worldwide hold the CRISC, working in jobs such as information technology (IT) auditor, information security officer, and director of risk management/risk control. Average reported salaries are $160,083 for CRISC and $156,844 for CGEIT.
For more information on the CRISC, read Top 5 highest-paying infosec certifications and The ultimate guide to ISACA certifications: Overview & career paths.
CGEIT vs. CISSP
Certified Information Systems Security Professional (CISSP) is a credential provided by (ISC)2 to mid-career professionals in security and risk management. To qualify for the exam, you need at least five years of professional experience in at least two of the CISSP’s eight domains. CISSP holders are well-suited for a range of management and practitioner roles, including security analyst, security systems engineer, IT manager/director and chief information officer. The certification also provides competitive earning prospects with an average salary of $151,860 in North America.
View our CISSP hub to learn more.
CGEIT vs. COBIT 5
COBIT 5 is a series of certifications by ISACA validating that the holder has the professional skills to implement the COBIT 5 framework for governance and management of enterprise IT. The COBIT framework itself was most recently updated in 2019 (COBIT 2019); the COBIT 5 certification series comprises COBIT 5 Assessor, COBIT 5 Foundation, COBIT 5 Implementation and Implementing the NIST Cybersecurity Framework Using COBIT 5.
The average salary for COBIT 5 Foundation certification holders is $114,949. Common job titles for this credential include information systems audit manager, risk management analyst and information technology (IT) consultant.
CGEIT vs. ITIL
The ITIL framework by Axelos is a well-recognized model for IT service management and delivery. It is used across many industries, and its core principles are compatible with those of other common frameworks like COBIT and Six Sigma.
Learners begin the ITIL certification process by earning the ITIL Foundation credential before following one of two tracks: ITIL Managing Professional (MP) or ITIL Strategic Leader (SL). After completing all modules in their respective track, learners complete the certification scheme by earning the ITIL Master.
Because ITIL is a tiered scheme, career options range from practitioner-level roles in project management to executive-level positions such as CIO and CISO. Salary expectations are also quite diverse and can fall anywhere from $72,852 to $188,388.