Certification Program Compliance and Risk Manager

About ISACA

Overview

This position is accountable for managing ISACA’s credentialing programs policies, including certification, recertification, appeals, and exam security policies and ensuring that certification operational procedures are compliant with these policies. This position is responsible for ensuring that all certification policies and procedures are compliant with the ISO/IEC 17024:2026 standard via the ANAB accreditation.

This position is also responsible for the design, implementation and testing of controls to mitigate risk associated with exam IP and certification fraud, as well as continuous monitoring of the certification threat landscape.

This position oversees credentialing policy-driven activities, supports regulatory compliance, and collaborates with internal teams to maintain high standards of exam integrity and certification management system efficiency.

Responsibilities

• Identify and document risk scenarios and work with internal and external stakeholders to develop, implement, and test controls to mitigate impact. Maintain ISACA’s Certification Impartiality Threat Analysis to address emerging threats within ISACA’s certification landscape.
• Own the governance, review, and continuous improvement of the Certification Policies and Procedures Manual, ensuring certification policies, processes, and controls remain compliant with ISO/IEC 17024:2026 requirements. Assess the impact of policy changes, identify compliance risks and gaps, and partner with Sr. Management to implement corrective actions and maintain accreditation readiness.
• Manage the completion and maintenance of ANSI accreditation process documentation required for the annual surveillance application of ISACA certification programs. Coordinate with internal stakeholders to gather, review, and validate evidence of compliance with accreditation requirements, ensuring documentation is accurate, complete, and submitted within established timelines. Assist in the evaluation of surveillance findings, contribute to root cause analyses of identified nonconformities, and manage the development, implementation, monitoring, and validation of corrective actions to address compliance risks and maintain continued accreditation status for ISACA certifications.
• Maintain and update certification-control documents (ECG, CPE Policy,) and verify ISACA external (e.g. website) information aligns to updated policy or procedures
• Conduct compliance reviews of the certification management system to ensure continuous compliance with the ISO/IEC 17024:2026 Standard. Conduct periodic certification management system review meetings with Senior Management to identify inefficiencies and potential enhancements, document and implement resolutions.
• Oversee the conduct of investigations into suspected fraudulent cases, document findings, and report to appropriate stakeholders. Develop and analyze KRIs for each certification-related risk
• Coordinate with legal, cybersecurity, IT and product teams to address large-scale certification fraud. Analyze data and create reports for management on potential fraud risks, trends, and the results of investigations. Prepare and present certification compliance metrics, annual assessment results, and accreditation-related reporting for governance bodies, including the Audit and Risk Committee (ARC), ensuring transparency, accountability, and informed decision-making.
• Manage the Certification Audit Program and serve as liaison to annual policy audits.
• Manage reports related to credentialing status, compliance metrics, and operational performance. Manage the Preventive and Corrective Actions Tracking process and worksheet to ensure identified controls have been implemented according to the timeline.

Qualifications

Required Field of Study:

• Bachelor's degree in business, Law, Certification, Risk, or related field

Minimum Years of Experience Required:

• 5+ years of experience in accredidation credentialing standards (e.g.ANAB ISO/IEC 17024), compliance, quality assurance, risk mitigation, exam security and fraud prevention including minimum of 2 years or supervisory or project management.
• 3+ years of direct experience managing certification program governance, risk, compliance, or accreditation activities.

Description of Minimum Relevant Experience Required:

• Experience supporting accredited certification programs and maintaining compliance with accreditation standards (e.g., ANAB ISO/IEC 17024), including applying regulatory, legal, and ethical requirements in credentialing environments.
• Proven track record in enterprise risk management, including risk identification, assessment, mitigation planning, risk register management, and development of compliance monitoring frameworks and internal controls.
• Experience managing compliance operations, including corrective and preventive action (CAPA) processes, audit readiness activities, and execution of compliance reviews or accreditation assessments.
• Advanced experience overseeing credentialing integrity functions, including investigation of exam irregularities, misconduct, and certification violations, as well as implementation of exam security, fraud prevention, and test integrity controls.
• Proficiency in developing governance documentation, including policies, SOPs, procedures, and control frameworks.
• Advanced skills in analyzing compliance and operational data, building dashboards and risk reporting tools, and preparing and presenting findings to leadership.
• Experience working with certification management systems or credentialing platforms, as well as workflow or case management tools (e.g., Jira or similar systems).
• Proven track record managing cross-functional initiatives and stakeholder groups across compliance, operations, and program functions.

Preferred Field of Study:

• Masters Degree in Business, Law, Certification, Risk, Quality Management or related field

Preferred Years of Experience:

• 10 + years of relevant experience, including 5+ years managing certification programs accreditation activities, compliance functions, fruad prevention, or risk management initiative

Description of Preferred Relevant Experience:

• Proven experience leading accreditation applications, renewals, audits, or site visits.
• Demonstrated ability to design and implement enterprise risk assessments, risk registers, and compliance monitoring frameworks.
• Proven experience managing exam security, candidate misconduct investigations, or credentialing integrity programs.
• Demonstrated advanced proficiency in business intelligence and data visualization tools (Excel, Power BI, Tableau), including dashboard development.

Certification and Licensing Preferred:

• CISA - Demonstrates expertise in auditing, control assessment, and compliance evaluation.
• CISM - Demonstrates knowledge of governance, risk management, and security program management.
• CRISC - Focuses on risk identification, assessment, response, and monitoring.
• PMP - Demonstrates advanced project and program management capabilities.
• CCEP - Validates knowledge of compliance program design, ethics, investigations, and regulatory requirements.

Competencies/Skills Required:

• Demonstrated skill in analyzing complex certification, compliance, and operational data to identify trends, risks, control gaps, and opportunities for process improvement.
• Proven ability to design, implement, and evaluate certification program controls that ensure compliance, credential integrity, and effective risk mitigation.
• Strong skill in developing, documenting, and optimizing policies, procedures, workflows, and business processes to improve operational efficiency and compliance.
• Ability to conduct root cause analyses of compliance issues, process failures, and certification program risks, and develop effective corrective and preventive actions.
• Experience using data-driven approaches to support decision-making, risk assessments, performance monitoring, and continuous improvement initiatives.
• Strong analytical and problem-solving skills with the ability to translate findings into actionable recommendations and sustainable process improvements.
• Knowledge of regulatory frameworks and standards like ISO/IEC 17024 for personnel certification. 
• Excellent oral and written communication skills
• Detail-oriented with strong analytical thinking
• Ability to manage sensitive data and confidential investigations
• Ability to present new ideas, approaches, and information clearly
• Outstanding attention to detail and organizational skills
• Ability to manage multiple projects effectively
• Strong interpersonal skills and the ability to be collaborative with people from various departments
• Proficiency in Microsoft Office products (Word, PowerPoint, and Excel)
• Strong business acumen

Occasional onsite presence may be required as well as periodic travel for purposes of attending company-sponsored events, meetings, all-hands gatherings or additional meetings required of this position.

Equal Opportunity Employer (EEO)

Posted Salary Range

Benefits Information

Benefits Information available below: 

ISACA Career Opportunities and Benefits