Jose Vazquez has spent most of his career working in compliance, audit and business controls roles and has familiarized himself with many industry- and company-specific IT risk management frameworks. After helping implement International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) standard ISO/IEC 27001 at his workplace, Vazquez felt he needed to solidify his expertise in IT risk management by obtaining a better understanding of frameworks and best practices. To achieve this, he turned to ISACA®—specifically, ISACA’s Certified in Risk and Information Systems Control® (CRISC®) certification. “Being recognized as CRISC-certified has increased my reputation in the company when it comes to the security, risk and compliance arena,” Vazquez says.
As Nestlé Canada’s functional relationship manager, Vazquez uses CRISC and ISACA’s IT risk management methodology when interacting with business partners. “I am able to contribute a risk management perspective to discussions with product owners, external and internal partners, and solution vendors,” Vazquez says. “This means solutions are deployed with a compliance-by-design point of view and ensures that Nestlé is a secure organization.” Vazquez finds satisfaction in delivering customer-centric and highly compliant and secure solutions that enterprises can leverage to execute their strategies. “The best part of my job is when I see business results powered by solutions I helped deploy,” Vazquez says.
But he admits that there have been moments during his career when he has found it challenging to keep up with IT innovation and capabilities, noting that sometimes enterprises fail to take risk management into account when deciding to implement new technologies. “Organizations are eager to execute their strategies, which often depend on new IT solutions or applications,” Vazquez says. “But in some cases, organizations fail to consider IT risk management when selecting a new vendor. IT teams function as business partners to ensure that proper context is provided when considering new solutions and that the risk register is used to determine risk and necessary actions.”
Vazquez feels confident that possessing the CRISC certification will expand his opportunities to venture into new industries, noting that “IT risk management is one of the most important skill sets for IT professionals to have.” He also believes CRISC has benefitted him beyond his career. “CRISC gives me more context on risk management methodologies that I can use for my personal life,” Vazquez says.
To learn more about the benefits of CRISC, visit the CRISC page of the ISACA website.